bravox

Firma de detección defensiva para este grupo (úsala en tu EDR/SIEM). Fuente: ransomware.live.

/*
bravox ransomware
*/

rule bravox_Ransomnote
{
    meta:
        author = "ransomware.live"
        family = "ransomware.bravox"
        description = "Detects bravox ransomware ransom note or artifact"
        date = "2026-05-04"
        severity = 7
        score = 70

    strings:
        $name1 = "bravox" ascii nocase
        $name2 = "BRAVOX" ascii
        $onion  = "bravox.onion" ascii nocase

    condition:
        any of them
}

• https://www.ransomware.live/group/bravox