nuclei-templates/file/malware/hash/tidepool-malware-hash.yaml

id: tidepool-malware-hash
info:
  name: TidePool Malware Hash - Detect
  author: pussycat0x
  severity: info
  description: |
    Detects TidePool malware mentioned in Ke3chang report by Palo Alto Networks
  reference:
    - http://goo.gl/m2CXWR
    - https://github.com/Yara-Rules/rules/blob/master/malware/APT_Ke3Chang_TidePool.yar
  tags: malware,tidepool

file:
  - extensions:
      - all

  matchers:
    - type: dsl
      dsl:
        - "sha256(raw) == '9d0a47bdf00f7bd332ddd4cf8d95dd11ebbb945dda3d72aac512512b48ad93ba'"
        - "sha256(raw) == '67c4e8ab0f12fae7b4aeb66f7e59e286bd98d3a77e5a291e8d58b3cfbc1514ed'"
        - "sha256(raw) == '2252dcd1b6afacde3f94d9557811bb769c4f0af3cb7a48ffe068d31bb7c30e18'"
        - "sha256(raw) == '38f2c86041e0446730479cdb9c530298c0c4936722975c4e7446544fd6dcac9f'"
      condition: or
New - Templates 2024-06-20 09:42:34 +00:00			`id: tidepool-malware-hash`
			`info:`
			`name: TidePool Malware Hash - Detect`
			`author: pussycat0x`
			`severity: info`
			`description: \|`
			`Detects TidePool malware mentioned in Ke3chang report by Palo Alto Networks`
			`reference:`
			`- http://goo.gl/m2CXWR`
			`- https://github.com/Yara-Rules/rules/blob/master/malware/APT_Ke3Chang_TidePool.yar`
			`tags: malware,tidepool`

			`file:`
update 2024-06-20 12:38:35 +00:00			`- extensions:`
			`- all`
New - Templates 2024-06-20 09:42:34 +00:00
			`matchers:`
update 2024-06-20 12:38:35 +00:00			`- type: dsl`
			`dsl:`
			`- "sha256(raw) == '9d0a47bdf00f7bd332ddd4cf8d95dd11ebbb945dda3d72aac512512b48ad93ba'"`
			`- "sha256(raw) == '67c4e8ab0f12fae7b4aeb66f7e59e286bd98d3a77e5a291e8d58b3cfbc1514ed'"`
			`- "sha256(raw) == '2252dcd1b6afacde3f94d9557811bb769c4f0af3cb7a48ffe068d31bb7c30e18'"`
			`- "sha256(raw) == '38f2c86041e0446730479cdb9c530298c0c4936722975c4e7446544fd6dcac9f'"`
			`condition: or`