# Nuclei file-protocol template: flags a file whose SHA-256 equals one of
# the 13 known Emissary sample hashes listed below. Match is exact-hash only,
# so any byte-level change to a sample (repack, patch, appended data) is not
# caught; pair with the behavioural/YARA rule cited in `reference` for coverage.
id: emissary-malware-hash

info:
  name: Emissary APT Malware Hash - Detect
  author: pussycat0x
  # info severity: this is an IoC hit, not a vulnerability finding.
  severity: info
  description: |
    Detect Emissary Malware - from samples A08E81B411.DAT, ishelp.dll
  reference:
    # NOTE(review): shortened goo.gl link; the service has been wound down and
    # this may no longer resolve — replace with the canonical URL when known.
    - http://goo.gl/V0epcf
    - https://github.com/Yara-Rules/rules/blob/master/malware/APT_Emissary.yar
  tags: malware,emissary,apt

file:
  - extensions:
      # Scan every file regardless of extension (the samples include a .DAT
      # and a .dll, so filtering by extension would miss one of them).
      - all

    matchers:
      - type: dsl
        # `raw` is the full file content; each expression compares its SHA-256
        # against one known sample hash (hashes are taken verbatim from the
        # referenced YARA rule set).
        dsl:
          - "sha256(raw) == '9420017390c598ee535c24f7bcbd39f40eca699d6c94dc35bcf59ddf918c59ab'"
          - "sha256(raw) == '70561f58c9e5868f44169854bcc906001947d98d15e9b4d2fbabd1262d938629'"
          - "sha256(raw) == '0e64e68f6f88b25530699a1cd12f6f2790ea98e6e8fa3b4bc279f8e5c09d7290'"
          - "sha256(raw) == '69caa2a4070559d4cafdf79020c4356c721088eb22398a8740dea8d21ae6e664'"
          - "sha256(raw) == '675869fac21a94c8f470765bc6dd15b17cc4492dd639b878f241a45b2c3890fc'"
          - "sha256(raw) == 'e817610b62ccd00bdfc9129f947ac7d078d97525e9628a3aa61027396dba419b'"
          - "sha256(raw) == 'a8b0d084949c4f289beb4950f801bf99588d1b05f68587b245a31e8e82f7a1b8'"
          - "sha256(raw) == 'acf7dc5a10b00f0aac102ecd9d87cd94f08a37b2726cb1e16948875751d04cc9'"
          - "sha256(raw) == 'e21b47dfa9e250f49a3ab327b7444902e545bed3c4dcfa5e2e990af20593af6d'"
          - "sha256(raw) == 'e369417a7623d73346f6dff729e68f7e057f7f6dae7bb03d56a7510cb3bfe538'"
          - "sha256(raw) == '29d8dc863427c8e37b75eb738069c2172e79607acc7b65de6f8086ba36abf051'"
          - "sha256(raw) == '98fb1d2975babc18624e3922406545458642e01360746870deee397df93f50e0'"
          - "sha256(raw) == 'fbcb401cf06326ab4bb53fb9f01f1ca647f16f926811ea66984f1a1b8cf2f7bb'"
        # Any single hash match is enough to fire.
        condition: or
# Template signature. NOTE(review): the digest covers the template body, so any
# edit to this file (including comments) presumably requires re-signing with the
# template signer before the template is trusted again — confirm with the
# project's signing workflow.
# digest: 4b0a00483046022100c7db698f9fba6a6bcc96bd22a4e5c7ab462ce12f6486e676e96eae11860095ff022100beddf7aca317e4932871573e5320d018a47e64df0d0e2f9d778ca7bd69369cc1:922c64590222798bb761d5b6d8e72950