nuclei-templates/file/malware/hash/industroyer-malware-hash.yaml

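# Flags a file when the SHA-256 of its complete contents equals one of the
# nine hashes listed in the matcher below.
#
# Scope of the check: this is exact-hash matching only. A sample that has been
# repacked, patched or rebuilt hashes differently and will not match, so a
# scan with no hits is not evidence that a host is clean. Pair it with
# content-based rules such as the YARA rule listed under `reference`.
id: industroyer-malware-hash

info:
  name: Industroyer Malware Hash - Detect
  author: pussycat0x
  # NOTE(review): a hit is an exact match on a listed sample hash, so route it
  # for investigation even though the template labels the finding `info`.
  severity: info
  description: Detects Industroyer related malware
  reference:
    # NOTE(review): the shortened link hides its destination and depends on the
    # shortener staying available; replace it with the full URL once confirmed.
    - https://goo.gl/x81cSy
    # NOTE(review): presumably the source of the hash list; verify against it.
    - https://github.com/Yara-Rules/rules/blob/master/malware/APT_Industroyer.yar
  tags: malware,industroyer,apt

file:
  # `all` applies the matcher to every file, whatever its extension.
  - extensions:
      - all

    matchers:
      # Each expression compares sha256(raw) with one known sample hash.
      # NOTE(review): sha256(raw) only matches if the whole file is read, so
      # confirm the engine's file size limit covers the expected sample sizes.
      - type: dsl
        dsl:
          - "sha256(raw) == 'ad23c7930dae02de1ea3c6836091b5fb3c62a89bf2bcfb83b4b39ede15904910'"
          - "sha256(raw) == '018eb62e174efdcdb3af011d34b0bf2284ed1a803718fba6edffe5bc0b446b81'"
          - "sha256(raw) == '3e3ab9674142dec46ce389e9e759b6484e847f5c1e1fc682fc638fc837c13571'"
          - "sha256(raw) == '37d54e3d5e8b838f366b9c202f75fa264611a12444e62ae759c31a0d041aa6e4'"
          - "sha256(raw) == 'ecaf150e087ddff0ec6463c92f7f6cca23cc4fd30fe34c10b3cb7c2a6d135c77'"
          - "sha256(raw) == '6d707e647427f1ff4a7a9420188a8831f433ad8c5325dc8b8cc6fc5e7f1f6f47'"
          - "sha256(raw) == '893e4cca7fe58191d2f6722b383b5e8009d3885b5913dcd2e3577e5a763cdb3f'"
          - "sha256(raw) == '21c1fdd6cfd8ec3ffe3e922f944424b543643dbdab99fa731556f8805b0d5561'"
          - "sha256(raw) == '7907dd95c1d36cf3dc842a1bd804f0db511a0f68f4b3d382c23a3c974a383cad'"
        # `or`: a match on any single hash is enough to report the file.
        condition: or
# NOTE(review): the digest below was issued for the template as originally
# published; presumably it has to be regenerated after any edit to this file,
# including added comments. Confirm before relying on signature verification.
# digest: 4b0a0048304602210080c6157e9dddd2e4fe5922dd89a088a382a7a9dcabcf3ed2be3ff364360e98c1022100da6a030cb87f7367d5c71f98b05dfa0a58e549c124b8a9f0f51bb91e759a6739:922c64590222798bb761d5b6d8e72950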