id: blackenergy-killdisk-malware-hash

info:
  name: BlackEnergy KillDisk Malware Hash - Detect
  author: pussycat0x
  severity: info
  description: Detects KillDisk malware from BlackEnergy
  reference:
    - https://github.com/Yara-Rules/rules/blob/master/malware/APT_Blackenergy.yar
  tags: malware,blackenergy

file:
  - extensions:
      - all

    matchers:
      - type: dsl
        dsl:
          - "sha256(raw) == '11b7b8a7965b52ebb213b023b6772dd2c76c66893fc96a18a9a33c8cf125af80'"
          - "sha256(raw) == '5d2b1abc7c35de73375dd54a4ec5f0b060ca80a1831dac46ad411b4fe4eac4c6'"
          - "sha256(raw) == 'c7536ab90621311b526aefd56003ef8e1166168f038307ae960346ce8f75203d'"
          - "sha256(raw) == 'f52869474834be5a6b5df7f8f0c46cbc7e9b22fa5cb30bee0f363ec6eb056b95'"
        condition: or
# digest: 4a0a0047304502202458980ebea305eb929ecde0f231be11033f344aa6579fd33fe4002bdb7dad5b022100dbbbe9b8f9f64dbaa08349d818b345c64550f8cfb123d517764b5cc29cfc0ff3:922c64590222798bb761d5b6d8e72950