diff --git a/yara/PartyTicket.yar b/yara/PartyTicket.yar
new file mode 100644
index 0000000..a249c0f
--- /dev/null
+++ b/yara/PartyTicket.yar
@@ -0,0 +1,15 @@
+rule PartyTicket : malware {
+ meta:
+ description = "PartyTicket ransomware during ukraine conflict, written in GO"
+ source = "Orange CD"
+ date = "28/02/22"
+ researcher = "Alexandre MATOUSEK"
+ category = "ransom"
+ strings:
+ $ = "read_me.html"
+ $ = "403forBiden" nocase
+ $ = "wHiteHousE.go" nocase
+ $ = ".encryptedJB"
+ condition:
+ all of them
+}
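Review bot: The `all of them` condition makes the rule brittle — a variant that changes any one of the four plain-ASCII strings (the ransom-note filename `read_me.html` is the most generic and most likely to change) silently drops the detection, and nothing in the meta records which sample the strings were taken from. Consider adding `hash = "<SAMPLE_SHA256>"` and a `reference` entry to the meta block so the rule can be re-validated against the original sample, and writing the date as ISO `2022-02-28` rather than the ambiguous `28/02/22`. The anonymous `$` strings also hide which string fired in scanner output; naming them (`$note = "read_me.html"`, `$path = "wHiteHousE.go" nocase`) costs nothing and helps triage. If the sample is a PE, a `uint16(0) == 0x5A4D and` prefix on the condition would restrict scanning to executables, and `3 of them` would keep coverage if variants drop one string, though that trade-off can only be judged against the sample set.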