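# File-protocol template: flags a local file whose complete content hashes
# (SHA-256) to one of the six sample hashes listed under `matchers`.
# Layout rebuilt from a blame view; the keys and values are unchanged.
id: codoso-malware-hash

info:
  name: Codoso APT Malware Hash - Detect
  author: pussycat0x
  # NOTE(review): a hit means a file byte-identical to a listed sample is
  # present on the scanned path. Check that downstream triage does not drop
  # `info` results before relying on this template for alerting.
  severity: info
  description: |
    Detects Codoso APT Malware.
  reference:
    - https://www.proofpoint.com/us/exploring-bergard-old-malware-new-tricks
    # Presumably the source of the hashes below; verify against the rule file.
    - https://github.com/Yara-Rules/rules/blob/master/malware/APT_Codoso.yar
  tags: malware,apt,codoso

file:
  # `all` asks for every file regardless of extension.
  # NOTE(review): confirm the engine's default extension denylist and size
  # limit do not exclude the file types these samples ship as; a skipped file
  # yields no match and no error.
  - extensions:
      - all

    matchers:
      # Exact-hash comparison over the whole file content (`raw`). A sample
      # that differs by a single byte (repacked, rebuilt, padded) does not
      # match, so a clean result only rules out these six known files.
      # Pair this with content-based detection for variant coverage.
      - type: dsl
        dsl:
          - "sha256(raw) == 'ea67d76e9d2e9ce3a8e5f80ff9be8f17b2cd5b1212153fdf36833497d9c060c0'"
          - "sha256(raw) == '130abb54112dd47284fdb169ff276f61f2b69d80ac0a9eac52200506f147b5f8'"
          - "sha256(raw) == '3ea6b2b51050fe7c07e2cf9fa232de6a602aa5eff66a2e997b25785f7cf50daa'"
          - "sha256(raw) == '02cf5c244aebaca6195f45029c1e37b22495609be7bdfcfcd79b0c91eac44a13'"
          - "sha256(raw) == 'd66106ec2e743dae1d71b60a602ca713b93077f56a47045f4fc9143aa3957090'"
          - "sha256(raw) == '3577845d71ae995762d4a8f43b21ada49d809f95c127b770aff00ae0b64264a3'"
        # Any single hash equality is enough to report the file.
        condition: or
# NOTE(review): the digest line is the template's signature and was computed
# over the original content. Any edit to this file (presumably including
# added comments) requires re-signing before the signature verifies. Confirm.
# digest: 4a0a004730450220308710bed21d5eb52e56a7561d04353c42bffe6291b6b826b50da6777de368310221009e0df4a7212395c0c75578001769a2240a27bab1c047e00858df537c057988cc:922c64590222798bb761d5b6d8e72950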