Tox "ransomware"

https://blogs.mcafee.com/mcafee-labs/meet-tox-ransomware-for-the-rest-of-us

Tox "ransomware"
https://blogs.mcafee.com/mcafee-labs/meet-tox-ransomware-for-the-rest-of-us
e65dfd14 · SnakeByte · 6bbae96e · e65dfd14
Commit e65dfd14 authored Jun 01, 2015 by SnakeByte
Hide whitespace changes
Inline Side-by-side

Showing with 33 additions and 0 deletions

tox.yar malware/tox.yar +33 -0

No files found.
--- a/malware/tox.yar
+++ b/malware/tox.yar
+rule Win32Toxic : tox ransomware
+{
+meta:
+	author = "@GelosSnake"
+	date = "2015-06-01"
+	description = "https://blogs.mcafee.com/mcafee-labs/meet-tox-ransomware-for-the-rest-of-us"
+	hash0 = "3133c2231fcee5d6b0b4c988a5201da1"
+	hash1 = "048c007de4902b6f4731fde45fa8e6a9"
+	hash2 = "52c9d25179bf010a4bb20d5b5b4e0615"
+	sample_filetype = "exe"
+strings:
+	$string0 = "t;>t.4"
+	$string1 = "PKCS_PADDING"
+	$string2 = "IxH' E"
+	$string3 = "is>num"
+	$string4 = "AddAtomA"
+	$string5 = "XPTPSW"
+	$string6 = "vwxyz{" wide
+	$string7 = "symbols"
+	$string8 = "V():  "
+	$string9 = "@/tc84"
+	$string10 = "mb_cur"
+	$string11 = "1Jtt;0"
+	$string12 = "<DIR>n"
+	$string13 = "n:;;t:;;t:;;t:;;t:;;t:;;t:;;t:;;t:;;t:;;t:;;t:;;t:;;t;<<t;<<t;<<t;<<t;<<t;<<t;<<t;<<t<<<t;<<t;<<t;<<"
+	$string14 = "ASL-IRA"
+	$string15 = "k-PAUSE"
+condition:
+	15 of them
+}
+
+        
\ No newline at end of file