I was randomly browsing your malware rules when my eyes landed on MALWARE_Linux_RansomExxcondition. It says 5 of ($s*) or 6 of ($s*) which does not make sense to me. From the context I would guess it should be something like: 5 of ($s*) or 6 of ($c*). I would make a PR, but I'm not really sure if I'm guessing right.
I was randomly browsing your malware rules when my eyes landed on
MALWARE_Linux_RansomExx
condition. It says5 of ($s*) or 6 of ($s*)
which does not make sense to me. From the context I would guess it should be something like:5 of ($s*) or 6 of ($c*)
. I would make a PR, but I'm not really sure if I'm guessing right.