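# Nuclei file-protocol template: flags files whose SHA-256 equals one of three
# known SHARPEXT sample hashes. The hashes correspond to the samples covered by
# the Volexity YARA rules linked under `reference`.
id: sharpext-malware-hash

info:
  name: Sharpext Malware Hash - Detect
  author: pussycat0x
  # NOTE(review): severity is `info` as published. A hit means a file matching
  # a known SHARPEXT sample is present on the scanned path, so make sure
  # downstream reporting does not filter out info-level results.
  severity: info
  description: >-
    Detects files whose SHA-256 matches known samples of SHARPEXT, a malicious
    Chrome browser extension used by the SharpTongue threat actor to steal mail
    data from a victim.
  reference:
    - https://github.com/volexity/threat-intel/blob/main/2022/2022-07-28%20SharpTongue%20SharpTongue%20Deploys%20Clever%20Mail-Stealing%20Browser%20Extension%20SHARPEXT/yara.yar
  tags: malware,sharptongue

file:
  # `all` disables extension filtering, because the samples are identified by
  # content hash and not by file name.
  # NOTE(review): nuclei's file protocol applies its own default deny-list and
  # size limits. Confirm that the scanned paths (for example browser profile
  # and extension directories) are not skipped by those defaults.
  - extensions:
      - all

    matchers:
      # Exact-hash comparison: only byte-identical copies of these three
      # samples match. A clean result therefore does not rule out SHARPEXT;
      # pair this template with the content-based YARA rules in `reference`.
      - type: dsl
        dsl:
          - "sha256(raw) == '1c9664513fe226beb53268b58b11dacc35b80a12c50c22b76382304badf4eb00'"
          - "sha256(raw) == '6025c66c2eaae30c0349731beb8a95f8a5ba1180c5481e9a49d474f4e1bb76a4'"
          - "sha256(raw) == '6594b75939bcdab4253172f0fa9066c8aee2fa4911bd5a03421aeb7edcd9c90c'"
        # Any one of the three hashes is enough to report a match.
        condition: or
# NOTE(review): the digest below was issued for the template as published.
# Editing the template (comments included) presumably invalidates it, so
# re-sign before relying on signature verification. Confirm against the
# nuclei signing documentation.
# digest: 490a004630440220166c9ddf0b8014895bc3de5996c6d6f45ff984d15b0d844ae31939ff88565a8b02202f41393091a5d0dd61fc9d5e73b74fabd6079dbfdf3f7e7d3da31885e4b83706:922c64590222798bb761d5b6d8e72950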