nuclei-templates/file/malware/hash/unit78020-malware-hash.yaml

27 lines
1.2 KiB
YAML
Raw Permalink Normal View History

2024-06-20 09:42:34 +00:00
id: unit78020-malware-hash
info:
name: Unit 78020 Malware Hash - Detect
author: pussycat0x
severity: info
description: |
Detects malware by Chinese APT PLA Unit 78020 - Generic Rule
reference: |
http://threatconnect.com/camerashy/?utm_campaign=CameraShy
https://github.com/Yara-Rules/rules/blob/master/malware/APT_Unit78020.yar
tags: malware,unit78020
file:
2024-06-20 12:38:35 +00:00
- extensions:
- all
2024-06-20 09:42:34 +00:00
2024-06-20 13:16:17 +00:00
matchers:
- type: dsl
dsl:
- "sha256(raw) == '2b15e614fb54bca7031f64ab6caa1f77b4c07dac186826a6cd2e254090675d72'"
- "sha256(raw) == '76c586e89c30a97e583c40ebe3f4ba75d5e02e52959184c4ce0a46b3aac54edd'"
- "sha256(raw) == '2625a0d91d3cdbbc7c4a450c91e028e3609ff96c4f2a5a310ae20f73e1bc32ac'"
- "sha256(raw) == '5c62b1d16e6180f22a0cb59c99a7743f44cb4a41e4e090b9733d1fb687c8efa2'"
- "sha256(raw) == '7b73bf2d80a03eb477242967628da79924fbe06cc67c4dcdd2bdefccd6e0e1af'"
- "sha256(raw) == '88c5be84afe20c91e4024160303bafb044f98aa5fbf8c9f9997758a014238790'"
condition: or
# digest: 4a0a00473045022100dc54d186a602d92d8a61784d00509d7e29d56e847841f083ee3b69ea346aeb8402203be2261ebe0752c89b61e478caf3e2e164640ef94c04d68514a68d7b95f1e17c:922c64590222798bb761d5b6d8e72950