nuclei-templates/file/malware/hash/backwash-malware-hash.yaml

# Nuclei file-protocol template: reports a file whose SHA-256 (computed
# over the whole file, `raw`) equals one of the Backwash loader hashes
# listed under `dsl` below.
id: backwash-malware-hash

info:
  name: Backwash Malware Hash - Detect
  author: pussycat0x
  severity: info
  description: |
    CPP loader for the Backwash malware.
  # The Volexity YARA rule covers the same campaign with content-based
  # patterns; the hashes here only catch byte-identical samples.
  reference:
    - https://github.com/volexity/threat-intel/blob/main/2021/2021-12-06%20-%20XEGroup/indicators/yara.yar
    - https://blog.malwarebytes.com/threat-analysis/2020/07/credit-card-skimmer-targets-asp-net-sites/
  tags: malware,xegroup

file:
  # `all`: every file under the scanned path is read and hashed,
  # regardless of extension.
  - extensions:
      - all

    matchers:
      - type: dsl
        dsl:
          # Exact-match indicators: each compares the SHA-256 of the full
          # file contents with one known sample hash. A single changed
          # byte (rebuild, repacking, appended data) yields a different
          # hash, so a miss here does not clear a file.
          - "sha256(raw) == '0cf93de64aa4dba6cec99aa5989fc9c5049bc46ca5f3cb327b49d62f3646a852'"
          - "sha256(raw) == '21683e02e11c166d0cf616ff9a1a4405598db7f4adfc87b205082ae94f83c742'"
          - "sha256(raw) == '6f44a9c13459533a1f3e0b0e698820611a18113c851f763797090b8be64fd9d5'"
          - "sha256(raw) == '92f9593cfa0a28951cae36755d54de63631377f1b954a4cb0474fa0b6193c537'"
          - "sha256(raw) == '815d262d38a26d5695606d03d5a1a49b9c00915ead1d8a2c04eb47846100e93f'"
          - "sha256(raw) == '72f7d4d3b9d2e406fa781176bd93e8deee0fb1598b67587e1928455b66b73911'"
          - "sha256(raw) == '4d913ecb91bf32fd828d2153342f5462ae6b84c1a5f256107efc88747f7ba16c'"
          - "sha256(raw) == '98e39573a3d355d7fdf3439d9418fdbf4e42c2e03051b5313d5c84f3df485627'"
        # Any single hash match is sufficient to report the file.
        condition: or
# The digest line below is the template signature computed over the
# content above. Any edit to this file, comments included, invalidates
# it; re-sign the template before distributing the modified version.
# digest: 4b0a00483046022100ae727b6d00154914ae43b7d0570a5e4abee33341a6b5786be48fe2bb027d8408022100d0ef741360e46aded1e0d7609864fb6d12c154d343233251799bc896550476e8:922c64590222798bb761d5b6d8e72950