nuclei-templates/file/malware/hash/disgomoji-malware-hash.yaml

id: disgomoji-malware-hash
info:
  name: DISGOMOJI Malware Hash - Detect
  author: pussycat0x
  severity: info
  description: Detects DISGOMOJI modules based on strings in the ELF.
  reference:
    - https://github.com/volexity/threat-intel/blob/main/2024/2024-06-13%20DISGOMOJI/indicators/rules.yar
  tags: malware,disgomoji
file:
  - extensions:
      - all
    matchers:
      - type: dsl
        dsl:
          - "sha256(raw) == '2abaae4f6794131108adf5b42e09ee5ce24769431a0e154feabe6052cfe70bf3'"
# digest: 4b0a00483046022100f4dd415de9758c33403ccdc3b73573fa19b2af5574765856c455437f5fe08b900221009cadd9822eb7d450cbea102040895e61f38ecdb8088f8bcc60f7e70c866dc0f5:922c64590222798bb761d5b6d8e72950