add TOOLKIT_Redteam_Tools_by_Name.yar, TOOLKIT_Redteam_Tools_by_GUID.yar, TOOLKIT_Solarwinds_credential_stealer.yar

rules to detect 339 hacktools, mostly c#

Create MALW_PurpleWave.yar

Create Email_PHP_Mailer.yar

change file type comment from exe to jar for JavaDropper : RAT

Add rules for SipHash and Aria

Stuxnet python rule

Marking Surtr referenced rules RSharedStrings, RemoteStrings, and GmRemoteStrings as private to limit false alerts.

RSharedStrings alerts on Microsoft signed wininet.dll	6B39A43271B0A631EAEFDAFDD51D17E3
SharedStrings alerts on Microsoft signed ntoskrnl.exe 68762D4C4412B4BB52BE2FC11F977503

Signed-off-by: Ryan B <randomrhythm@rhythmengineering.com>

Signed-off-by: Ryan B <randomrhythm@rhythmengineering.com>

yara rule to detect PurpleWave

rule to attempt to find webmailers sent from compromised hosts.

rename contentis_base64 to contains

Move MicrosoftVisualCV80 rule from packer.yar

add .yar extensions and fix a typo

https://www.bleepingcomputer.com/news/security/the-week-in-ransomware-august-31st-2018-devs-on-vacation/
is mentioned as the reference, and the picture has a space between “the” and “decryption”.