diff --git a/signatures/common.yara b/signatures/common.yara
new file mode 100644
index 0000000..802d7be
--- /dev/null
+++ b/signatures/common.yara
@@ -0,0 +1,32 @@
+
+rule CHIENESE_NEZHA_ARGO
+{
+ strings:
+ $a1 = "TkVaSEE="
+ $a2 = "tunnel.json"
+ $a3 = "vless"
+ $a4 = "dmxlc3M="
+ $a5 = "/vmess"
+ $a6 = "L3ZtZXNz"
+ $a7 = "V0FSUA=="
+ $a8 = "/eooce/"
+ $a9 = "ARGO_AUTH"
+ $a10 = "--edge-ip-version"
+ $a11 = "LS1lZGdlLWlwLXZlcnNpb24="
+
+
+ condition:
+ 2 of ($a1, $a2, $a3, $a4, $a5, $a6, $a7, $a8, $a9, $a10, $a11)
+}
+
+
+rule OVERLOAD_CRYPTO_MINER
+{
+ meta:
+ ref = "https://gist.github.com/GelosSnake/c2d4d6ef6f93ccb7d3afb5b1e26c7b4e"
+ strings:
+ $a1 = "stratum+tcp"
+ condition:
+ $a1
+}
+
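Review bot: The condition `2 of ($a1, ..., $a11)` in CHIENESE_NEZHA_ARGO is loose enough to fire on benign files, since `$a2 "tunnel.json"`, `$a3 "vless"` and `$a5 "/vmess"` are ordinary protocol and config names that a legitimate proxy client or its documentation is likely to contain together, and OVERLOAD_CRYPTO_MINER matches on `$a1` alone, so any text that merely mentions a stratum URL (pool documentation, a config sample, this rule file itself) is flagged. Consider tightening the first rule to something like `condition: filesize < 10MB and 3 of them` and pairing `stratum+tcp` with a second indicator in the second, adding `ascii wide` where UTF-16 binaries are in scope. The hand-written base64 variants (`$a1`, `$a4`, `$a6`, `$a7`, `$a11`) each cover a single alignment of the plaintext they encode; the `base64` string modifier on the plaintext strings would cover all three alignments and shorten the list. The first rule has no `meta` section while the second does — add `description`, `author` and `date` to both so a triage analyst knows what a hit means and how stale the rule is, and fix the rule name spelling `CHIENESE_NEZHA_ARGO` → `CHINESE_NEZHA_ARGO` before other rules or alerts start referencing it.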