id: tox-malware

info:
  name: Tox Malware - Detect
  author: daffainfo
  severity: info
  reference: https://github.com/Yara-Rules/rules/blob/master/malware/RANSOM_Tox.yar
  tags: malware,file
file:
  - extensions:
      - all

    matchers-condition: or
    matchers:
      - type: word
        part: raw
        words:
          - "n:;;t:;;t:;;t:;;t:;;t:;;t:;;t:;;t:;;t:;;t:;;t:;;t:;;t;<<t;<<t;<<t;<<t;<<t;<<t;<<t;<<t<<<t;<<t;<<t;<<"
          - "t;<<t;<<t<<<t<<"
        condition: and

      - type: word
        part: raw
        words:
          - "t;<<t;<<t<<<t<<"
          - ">>><<<"
        condition: and

      - type: word
        part: raw
        words:
          - "n:;;t:;;t:;;t:;;t:;;t:;;t:;;t:;;t:;;t:;;t:;;t:;;t:;;t;<<t;<<t;<<t;<<t;<<t;<<t;<<t;<<t<<<t;<<t;<<t;<<"
          - ">>><<<"
        condition: and

# digest: 490a004630440220145a23c07dceab65162628617ab1d5f68f98681d263bdd753bbea601d475a39302206cfc0ef865f74a4b2ad37e3b5e0a5a4b6d12eeb49ddcbb2301b47f5d544072f0:922c64590222798bb761d5b6d8e72950