Common Information
Type Value
Value
import "pe"
import "math"
import "hash"

// Flags 64-bit PE files that embed the Vovalex ransom-note text and its
// related file-name markers. Of the modules imported for this rule, only
// "pe" is referenced in the condition below.
//
// Scope: every string is a literal artefact (note wording, contact address,
// wallet) rather than a code pattern, so the rule matches only binaries that
// carry these exact bytes. A build with a reworded note or a different
// address/wallet will not match; treat a hit as high-confidence and a miss
// as inconclusive.
rule Mal_Ransom_Vovalex {
	meta:
		description = "Vovalex Ransomware"
		author = "Blackberry Threat Research & Intelligence"
	strings:
		// ASCII bytes for "README.VOVAL" - a prefix of the note file name in $rans_note2.
		$f0 = { 52 45 41 44 4D 45 2E 56 4F 56 41 4C }
		// ASCII bytes for "notepad" followed by a NUL terminator.
		// Presumably the program used to display the note - confirm against a sample.
		$f1 = { 6E 6F 74 65 70 61 64 00 }
		// Ransom-note fragments. No modifiers are set, so each is matched as
		// case-sensitive ASCII; UTF-16 ("wide") copies are not covered.
		$rans_note1 = "Send us a mail with proofs of transaction: VovanAndLexus@cock.li"
		$rans_note2 = "README.VOVALEX.txt"
		$rans_note3 = "VovanAndLexus@cock.li"
		$rans_note4 = "Monero: 4B45W7V1sJAZBnPSnvcipa5k7BRyC4w8GCTfQCUL2XRx5CFzG3iJtEk2kqEvFbF7FagEafRYFfQ6FJnZmep5TsnrSfxpMkS"
		$rans_note5 = "Send 0.5 XMR to this Monero wallet: 4B45W7V1sJAZBnPSnvcipa5k7BRyC4w8GCTfQCUL2XRx5CFzG3iJtEk2kqEvFbF7FagEafRYFfQ6FJnZmep5TsnrSfxpMkS"
	condition:
		// Requires a 64-bit PE, both $f* markers, and at least four of the five
		// note fragments.
		// NOTE(review): the fragments overlap - $rans_note3 is a substring of
		// $rans_note1, $rans_note4 of $rans_note5, and $f0 of $rans_note2 - so
		// the counts reflect fewer independent indicators than they suggest.
		// NOTE(review): pe.is_64bit() excludes any 32-bit build; confirm that
		// this restriction is intended.
		pe.is_64bit() and all of ($f*) and 4 of ($rans_note*)
}
Category
Type Yara Rule
Misp Type
Description
Details Published Attributes CTI Title
Details Pdf 2021-07-23 128 OLD DOGS NEW TRICKS: ATTACKERS ADOPT EXOTIC PROGRAMMING LANGUAGES