DECLARE @tagid int;
DECLARE @rulenum int;
SELECT @tagid=MAX(id) FROM host_verification_tags;
SELECT @rulenum=MAX(rule_number) FROM host_verification_rules;
IF @tagid IS NULL
    SET @tagid=0
ELSE
	SET @tagid=@tagid + 1
IF @rulenum IS NULL
    SET @rulenum=0
ELSE
	SET @rulenum=@rulenum + 1
SET IDENTITY_INSERT [dbo].[host_verification_tags] ON
insert into host_verification_tags(id, name) values(@tagid, 'REvil Compromised')
SET IDENTITY_INSERT [dbo].[host_verification_tags] OFF


DECLARE @name nvarchar(100)
DECLARE @index int
SET @name=N'REvil_IOC_registry_key'
insert into host_verification_rule_sets(name, status, tag, comments) values(@name, 1, @tagid, 'REvil IOC registry key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\BlackLivesMatter');
SELECT @index=SCOPE_IDENTITY();
insert into host_verification_rules(os, type, content, negative, rule_set_id, rule_number) values(1, 7, 'HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\BlackLivesMatter\', 0, @index, @rulenum)

SET @name=N'REvil_IOC_crt'
insert into host_verification_rule_sets(name, status, tag, comments) values(@name, 1, @tagid+1, 'REvil IOC file: agent.crt');
SELECT @index=SCOPE_IDENTITY();
SET @rulenum=@rulenum+1;
insert into host_verification_rules(os, type, content, negative, rule_set_id, rule_number) values(1, 4, 'c:\kworking\agent.crt', 0, @index, @rulenum)

SET @name=N'REvil_IOC_exe'
insert into host_verification_rule_sets(name, status, tag, comments) values(@name, 1, @tagid+1, 'REvil IOC file: agent.exe');
SELECT @index=SCOPE_IDENTITY();
SET @rulenum=@rulenum+1;
insert into host_verification_rules(os, type, content, negative, rule_set_id, rule_number) values(1, 4, 'c:\kworking\agent.exe', 0, @index, @rulenum)

GO