nuclei-templates/file/malware/hash/revil-ransomware-hash.yaml

24 lines
923 B
YAML
Raw Normal View History

2024-06-20 09:42:34 +00:00
id: revil-ransomware-hash
info:
name: Revil Ransomware Hash - Detect
author: pussycat0x
severity: info
description:
2024-06-20 09:59:08 +00:00
Detect Revil Ransomware.
2024-06-20 09:42:34 +00:00
reference:
- https://angle.ankura.com/post/102hcny/revix-linux-ransomware
- https://github.com/Yara-Rules/rules/blob/master/malware/RANSOM_Revix.yar
2024-06-25 09:56:35 +00:00
tags: ransomware,malware
2024-06-20 09:42:34 +00:00
file:
2024-06-20 12:38:35 +00:00
- extensions:
- all
2024-06-20 13:16:17 +00:00
matchers:
- type: dsl
dsl:
- "sha256(raw) == 'f864922f947a6bb7d894245b53795b54b9378c0f7633c521240488e86f60c2c5'"
- "sha256(raw) == '559e9c0a2ef6898fabaf0a5fb10ac4a0f8d721edde4758351910200fe16b5fa7'"
- "sha256(raw) == 'ea1872b2835128e3cb49a0bc27e4727ca33c4e6eba1e80422db19b505f965bc4'"
condition: or
# digest: 4a0a00473045022100a0fb80f742f83b56f947a72305aba5f437fdb09c42c19f64005fd27f19dfbd890220334bc54f426a0027eeeabc1a9cbca96a9b84a92ca1173da50ffd112b07f9c3e9:922c64590222798bb761d5b6d8e72950