id: red-leaves-malware-hash

info:
  name: Red Leaves Malware Hash - Detect
  author: pussycat0x
  severity: info
  description: |
    Red Leaves malware, related to APT10
  reference:
    - https://www.virustotal.com/
    - https://github.com/Yara-Rules/rules/blob/master/malware/APT_RedLeaves.yar
  tags: malware,apt,red-leaves

file:
  - extensions:
      - all

    matchers:
      - type: dsl
        dsl:
          - "sha256(raw) == '2e1f902de32b999642bb09e995082c37a024f320c683848edadaf2db8e322c3c'"
# digest: 4b0a00483046022100e005ae711375ad8bcf2a49e18c04bfb90ff364e98536e2bfc8f5e38b87cc2cca02210093fef295bd17322908b99c750aeb6d770a932e4ef181155033491e7948417b10:922c64590222798bb761d5b6d8e72950