YARA rules for the RansomHouse ransomware group
/*
 * RansomHouse detection rule.
 *
 * Matches a file smaller than 100KB that contains every one of the four
 * plaintext markers declared in the strings section.
 *
 * Coverage notes for anyone deploying this rule:
 *  - None of the strings carries a modifier, so each is matched as
 *    case-sensitive ASCII; UTF-16 copies of the same text will not match.
 *  - There is no file-format (magic bytes) check; only the size limit and
 *    the strings gate the match.
 *  - All four markers must be present in cleartext and the file must be
 *    under the size cap, so samples that differ on either point are not
 *    covered and need a separate rule.
 */
rule RansomHouse {
    meta:
        description = "rule to detect RansomHouse"
        author = "ShadowStackRe.com"
        date = "2024-02-20"
        Rule_Version = "v1"
        malware_type = "ransomware"
        malware_family = "RansomHouse"
        License = "MIT License, https://opensource.org/license/mit/"

    strings:
        // presumably the extension given to encrypted files; confirm against samples
        $marker_ext = ".emario"
        // looks like the ransom-note file name
        $marker_note = "How To Restore Your Files.txt"
        // looks like a placeholder path from usage/help text; confirm against samples
        $marker_usage_path = "/path/to/be/encrypted"
        // presumably a progress or log prefix; confirm against samples
        $marker_log_prefix = "Crypted:"

    condition:
        // Every declared string is required; the size cap keeps the rule to small files.
        all of them and filesize < 100KB
}