diff --git a/yara/volt_typhoon_cisa.md b/yara/volt_typhoon_cisa.md
new file mode 100644
index 0000000..6d6db43
--- /dev/null
+++ b/yara/volt_typhoon_cisa.md
@@ -0,0 +1,15 @@
+
+
+```
+rule ShellJSP {
+strings:
+$s1 = "decrypt(fpath)"
+$s2 = "decrypt(fcontext)"
+$s3 = "decrypt(commandEnc)"
+$s4 = "upload failed!"
+$s5 = "aes.encrypt(allStr)"
+$s6 = "newid"
+condition:
+filesize < 50KB and 4 of them
+}
+```
\ No newline at end of file
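Review bot: `rule ShellJSP` carries no `meta:` section, so nothing in the file records where the six strings came from, what the rule is meant to detect or when it was written, even though the filename implies a CISA advisory as the source; add a `meta:` block before `strings:` with at least `description`, `reference` (the advisory URL, to be filled in) and `date`. The rule is also embedded in a bare code fence inside a `.md` file with no heading or explanatory sentence, so a YARA scanner walking `yara/` will not load it as-is; either save it as a `.yar` file alongside this page or add a line above the fence saying how it is meant to be consumed. `$s6 = "newid"` is a very generic token that will appear in many ordinary JSP/Java sources, which is tolerable only because the condition requires `4 of them`; a short comment on that line stating it is a weak indicator would stop a future edit from lowering the threshold.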