id: neuron2-malware-hash

info:
  name: Neuron2 Loader Strings Turla APT loader Hash - Detect
  author: pussycat0x
  severity: info
  reference: |
    - https://www.ncsc.gov.uk/alerts/turla-group-malware
    - https://github.com/Yara-Rules/rules/blob/master/malware/APT_Turla_Neuron.yar
  tags: malware,turla,neuron2,apt

file:
  - extensions:
      - all

    matchers:
      - type: dsl
        dsl:
          - "sha256(raw) == '51616b207fde2ff1360a1364ff58270e0d46cf87a4c0c21b374a834dd9676927'"
          - "sha256(raw) == '83d8922e7a8212f1a2a9015973e668d7999b90e7000c31f57be83803747df015'"
        condition: or
# digest: 4a0a00473045022100b91242669db5c8dd0752bac8fb27f0341d9c54b95649fde172eddb7f11e42cb6022054904c777180e063b25b9ff387271f645a7b48bc1579bf75bae794434bfc6278:922c64590222798bb761d5b6d8e72950