id: passcv-ntscan-malware-hash
info:
  name: PassCV Sabre Tool NTScan Malware Hash - Detect
  author: pussycat0x
  severity: info
  description: PassCV Malware mentioned in Cylance Report
  reference:
    - https://blog.cylance.com/digitally-signed-malware-targeting-gaming-companies
    - https://github.com/Yara-Rules/rules/blob/master/malware/APT_Passcv.yar
  tags: malware,passcv

file:
  - extensions:
      - all

    matchers:
      - type: dsl
        dsl:
          - "sha256(raw) == '0f290612b26349a551a148304a0bd3b0d0651e9563425d7c362f30bd492d8665'"
# digest: 4a0a00473045022100ef569acf5832341fe83e664fce030dde8d6a789d88ea519a176006b84fbf974102200a8bbb01f4093a07e414713794649a23bbed2a276047dbdee33904e785c0da8e:922c64590222798bb761d5b6d8e72950