2024-06-20 09:42:34 +00:00
|
|
|
id: revil-ransomware-hash
|
|
|
|
info:
|
|
|
|
name: Revil Ransomware Hash - Detect
|
|
|
|
author: pussycat0x
|
|
|
|
severity: info
|
|
|
|
description:
|
2024-06-20 09:59:08 +00:00
|
|
|
Detect Revil Ransomware.
|
2024-06-20 09:42:34 +00:00
|
|
|
reference:
|
|
|
|
- https://angle.ankura.com/post/102hcny/revix-linux-ransomware
|
|
|
|
- https://github.com/Yara-Rules/rules/blob/master/malware/RANSOM_Revix.yar
|
2024-06-25 09:56:35 +00:00
|
|
|
tags: ransomware,malware
|
2024-06-20 09:42:34 +00:00
|
|
|
|
|
|
|
file:
|
2024-06-20 12:38:35 +00:00
|
|
|
- extensions:
|
|
|
|
- all
|
|
|
|
|
2024-06-20 13:16:17 +00:00
|
|
|
matchers:
|
|
|
|
- type: dsl
|
|
|
|
dsl:
|
|
|
|
- "sha256(raw) == 'f864922f947a6bb7d894245b53795b54b9378c0f7633c521240488e86f60c2c5'"
|
|
|
|
- "sha256(raw) == '559e9c0a2ef6898fabaf0a5fb10ac4a0f8d721edde4758351910200fe16b5fa7'"
|
|
|
|
- "sha256(raw) == 'ea1872b2835128e3cb49a0bc27e4727ca33c4e6eba1e80422db19b505f965bc4'"
|
|
|
|
condition: or
|
2024-06-25 10:31:23 +00:00
|
|
|
# digest: 4a0a00473045022100a0fb80f742f83b56f947a72305aba5f437fdb09c42c19f64005fd27f19dfbd890220334bc54f426a0027eeeabc1a9cbca96a9b84a92ca1173da50ffd112b07f9c3e9:922c64590222798bb761d5b6d8e72950
|