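# Nuclei file template: flags any scanned file whose SHA-256 digest equals one
# of the known TidePool sample hashes listed under `matchers` below.
id: tidepool-malware-hash

info:
  name: TidePool Malware Hash - Detect
  author: pussycat0x
  severity: info
  description: |
    Detects TidePool malware mentioned in Ke3chang report by Palo Alto Networks
  reference:
    # Shortened link; resolve it to the underlying report URL before relying on it.
    - http://goo.gl/m2CXWR
    - https://github.com/Yara-Rules/rules/blob/master/malware/APT_Ke3Chang_TidePool.yar
  tags: malware,tidepool

file:
  # Every file under the scanned path is read and hashed, whatever its extension.
  - extensions:
      - all

    matchers:
      # Exact digest comparison: only the four listed samples can match, and any
      # byte-level difference from them produces no hit. A miss therefore means
      # "not one of these known samples", not "file is clean".
      - type: dsl
        dsl:
          - "sha256(raw) == '9d0a47bdf00f7bd332ddd4cf8d95dd11ebbb945dda3d72aac512512b48ad93ba'"
          - "sha256(raw) == '67c4e8ab0f12fae7b4aeb66f7e59e286bd98d3a77e5a291e8d58b3cfbc1514ed'"
          - "sha256(raw) == '2252dcd1b6afacde3f94d9557811bb769c4f0af3cb7a48ffe068d31bb7c30e18'"
          - "sha256(raw) == '38f2c86041e0446730479cdb9c530298c0c4936722975c4e7446544fd6dcac9f'"
        # Any single matching digest is sufficient for the matcher to fire.
        condition: or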