nuclei-templates/file/malware/hash/codoso-malware-hash.yaml

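# Nuclei file-protocol template: reports any scanned file whose SHA-256 digest
# equals one of the six Codoso APT sample hashes listed under `dsl`.
id: codoso-malware-hash

info:
  name: Codoso APT Malware Hash - Detect
  author: pussycat0x
  # NOTE(review): a match means a byte-identical copy of a listed sample is on
  # disk, yet it is reported at `info`. Confirm that downstream alerting does
  # not filter out info-level results for this template.
  severity: info
  description: |
    Detects Codoso APT Malware.
  reference:
    - https://www.proofpoint.com/us/exploring-bergard-old-malware-new-tricks
    - https://github.com/Yara-Rules/rules/blob/master/malware/APT_Codoso.yar
  tags: malware,apt,codoso

file:
  # `all` applies the matcher to every file regardless of extension, so a
  # renamed sample is still hashed.
  - extensions:
      - all

    matchers:
      # Exact-hash matching only identifies these specific samples: a file that
      # differs by a single byte (repacked, padded, recompiled) will not match,
      # so the absence of a hit is not evidence that a host is clean. Pair this
      # with content-based rules such as the YARA rule in `reference`.
      # Assumes `raw` holds the complete file content; confirm how the scanner
      # handles large files before relying on this for big binaries.
      # The hashes presumably originate from the referenced sources; verify.
      - type: dsl
        dsl:
          - "sha256(raw) == 'ea67d76e9d2e9ce3a8e5f80ff9be8f17b2cd5b1212153fdf36833497d9c060c0'"
          - "sha256(raw) == '130abb54112dd47284fdb169ff276f61f2b69d80ac0a9eac52200506f147b5f8'"
          - "sha256(raw) == '3ea6b2b51050fe7c07e2cf9fa232de6a602aa5eff66a2e997b25785f7cf50daa'"
          - "sha256(raw) == '02cf5c244aebaca6195f45029c1e37b22495609be7bdfcfcd79b0c91eac44a13'"
          - "sha256(raw) == 'd66106ec2e743dae1d71b60a602ca713b93077f56a47045f4fc9143aa3957090'"
          - "sha256(raw) == '3577845d71ae995762d4a8f43b21ada49d809f95c127b770aff00ae0b64264a3'"
        # Any single hash match is sufficient to report the file.
        condition: or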