2024-06-20 09:42:34 +00:00
|
|
|
id: industroyer-malware-hash
|
|
|
|
info:
|
|
|
|
name: Industroyer Malware Hash - Detect
|
|
|
|
author: pussycat0x
|
|
|
|
severity: info
|
|
|
|
description: Detects Industroyer related malware
|
|
|
|
reference:
|
|
|
|
- https://goo.gl/x81cSy
|
|
|
|
- https://github.com/Yara-Rules/rules/blob/master/malware/APT_Industroyer.yar
|
|
|
|
tags: malware,industroyer,apt
|
|
|
|
|
|
|
|
file:
|
2024-06-20 12:38:35 +00:00
|
|
|
- extensions:
|
|
|
|
- all
|
2024-06-20 09:42:34 +00:00
|
|
|
|
2024-06-20 13:16:17 +00:00
|
|
|
matchers:
|
|
|
|
- type: dsl
|
|
|
|
dsl:
|
|
|
|
- "sha256(raw) == 'ad23c7930dae02de1ea3c6836091b5fb3c62a89bf2bcfb83b4b39ede15904910'"
|
|
|
|
- "sha256(raw) == '018eb62e174efdcdb3af011d34b0bf2284ed1a803718fba6edffe5bc0b446b81'"
|
|
|
|
- "sha256(raw) == '3e3ab9674142dec46ce389e9e759b6484e847f5c1e1fc682fc638fc837c13571'"
|
|
|
|
- "sha256(raw) == '37d54e3d5e8b838f366b9c202f75fa264611a12444e62ae759c31a0d041aa6e4'"
|
|
|
|
- "sha256(raw) == 'ecaf150e087ddff0ec6463c92f7f6cca23cc4fd30fe34c10b3cb7c2a6d135c77'"
|
|
|
|
- "sha256(raw) == '6d707e647427f1ff4a7a9420188a8831f433ad8c5325dc8b8cc6fc5e7f1f6f47'"
|
|
|
|
- "sha256(raw) == '893e4cca7fe58191d2f6722b383b5e8009d3885b5913dcd2e3577e5a763cdb3f'"
|
|
|
|
- "sha256(raw) == '21c1fdd6cfd8ec3ffe3e922f944424b543643dbdab99fa731556f8805b0d5561'"
|
|
|
|
- "sha256(raw) == '7907dd95c1d36cf3dc842a1bd804f0db511a0f68f4b3d382c23a3c974a383cad'"
|
|
|
|
condition: or
|
2024-06-21 10:04:41 +00:00
|
|
|
# digest: 4b0a0048304602210080c6157e9dddd2e4fe5922dd89a088a382a7a9dcabcf3ed2be3ff364360e98c1022100da6a030cb87f7367d5c71f98b05dfa0a58e549c124b8a9f0f51bb91e759a6739:922c64590222798bb761d5b6d8e72950
|