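# Nuclei file-protocol template: flags files whose SHA-256 equals one of
# three known BLUELIGHT sample hashes (see the Volexity InkySquid report
# in `reference`). This is an exact-match indicator — only these three
# samples are detected; other builds of the same family will not match.
# As rendered on the page the indentation had been stripped, which would
# make `- all`, `matchers:` and `condition:` parse as siblings of `file:`
# instead of children; the nesting below restores the intended structure.
id: bluelight-malware-hash

info:
  name: bluelight Malware Hash - Detect
  author: pussycat0x
  severity: info
  description: North Korean origin malware which uses a custom Google App for C2 communications.
  reference:
    - https://github.com/volexity/threat-intel/blob/main/2021/2021-08-17%20-%20InkySquid%20Part%201/indicators/yara.yar
  tags: malware,inkysquid

file:
  # `all` selects every file regardless of extension, so each file in the
  # scanned path is read and hashed in full — expect I/O cost on large trees.
  - extensions:
      - all

    matchers:
      # One DSL matcher; `raw` is the file content and each expression
      # compares its SHA-256 against one known sample hash.
      - type: dsl
        dsl:
          - "sha256(raw) == '837eaf7b736583497afb8bbdb527f70577901eff04cc69d807983b233524bfed'"
          - "sha256(raw) == '7c40019c1d4cef2ffdd1dd8f388aaba537440b1bffee41789c900122d075a86d'"
          - "sha256(raw) == '94b71ee0861cc7cfbbae53ad2e411a76f296fd5684edf6b25ebe79bf6a2a600a'"
        # Any single hash match is sufficient for a hit.
        condition: or

# NOTE(review): the digest below is the nuclei template signature and appears
# to cover the content above it; editing this file (comments included)
# presumably invalidates it, so re-sign after changes — confirm with the
# template signing tooling.
# digest: 4b0a00483046022100bee4e8268cf26453045145f505f3aa37568f85c67d982701b3d3c06b750a3dc4022100adbefd57c061ddfe5ab00a929baa9e8eecf250eac26791bf3d0e80bf58544170:922c64590222798bb761d5b6d8e72950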