diff --git a/YARA/BruteRatel_badger.yar b/YARA/BruteRatel_badger.yar
new file mode 100644
index 0000000..faa31fe
--- /dev/null
+++ b/YARA/BruteRatel_badger.yar
@@ -0,0 +1,19 @@
+rule BruteRatel_badger
+{
+ strings:
+ //mov eax, 0x00
+ // push eax
+ //mov eax, 0x00
+ // push eax
+ //mov eax, 0x00
+ // push eax
+ //mov eax, 0x00
+ // push eax
+ //mov eax, 0x00
+ // push eax
+ //mov eax, 0x00
+ // push eax
+ $code = { B8 00 00 00 00 50 B8 00 00 00 00 50 B8 00 00 00 00 50 B8 00 00 00 00 50 B8 00 00 00 00 50 B8 00 00 00 00 50}
+ condition:
+ all of them
+}
diff --git a/YARA/brc4_badger.yar b/YARA/brc4_badger.yar
new file mode 100644
index 0000000..ecac1e5
--- /dev/null
+++ b/YARA/brc4_badger.yar
@@ -0,0 +1,10 @@
+rule brc4_badger
+{
+meta:
+ description = "Identifies strings from Brute Ratel v1.1"
+strings:
+ $a = "\"chkin\":"
+ $b = "\"kimche\":"
+condition:
+ $a or $b
+}
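Review bot: The only string in `$code` is six repeats of `mov eax, 0` / `push eax` (`B8 00 00 00 00 50`), which is a generic zeroed-argument stack setup rather than something specific to the Brute Ratel badger, so the rule is likely to fire on unrelated x86 code and shellcode; this is inferred from the bytes alone, as the sample it was derived from is not on the page. If the target is the PE form, anchoring the condition to the header cuts most of that noise, e.g. `condition: uint16(0) == 0x5A4D and $code`; for raw shellcode a `filesize` bound is the usual substitute. The rule also has no `meta:` section, unlike `brc4_badger` in the same commit; a `meta:` block with `description`, `author`, `date` and a `reference` to the sample or report would make hits triageable. The twelve instruction comments could be collapsed to one line, `// 6 x: mov eax, 0x00 ; push eax`, so the hex string stays readable.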
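Review bot: The condition `$a or $b` fires on a single short ASCII key such as `"chkin":`, a nine-byte sequence with no other constraint, so matches in unrelated JSON (configs, logs, web content) are plausible; requiring both keys, `condition: all of them`, or at least bounding the scan, `condition: filesize < 10MB and ($a or $b)`, would tighten it. Both strings are ASCII-only, so a copy of the config stored UTF-16-encoded would be missed; if that form is in scope, `$a = "\"chkin\":" ascii wide` (and the same for `$b`) covers it. The `meta:` section carries only a `description`; adding `author`, `date` and a `reference` to the v1.1 sample or report would help analysts triage hits.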