id: ironpanda-dnstunclient-malware-hash

info:
  name: Iron Panda malware DnsTunClient Hash - Detect
  author: pussycat0x
  severity: info
  description: |
    Iron Panda malware DnsTunClient - file named.exe
  reference:
    - https://goo.gl/E4qia9
    - https://github.com/Yara-Rules/rules/blob/master/malware/APT_Irontiger.yar
  tags: malware,ironpanda

file:
  - extensions:
      - all

    matchers:
      - type: dsl
        dsl:
          - "sha256(raw) == 'a08db49e198068709b7e52f16d00a10d72b4d26562c0d82b4544f8b0fb259431'"
# digest: 4b0a004830460221009fec136cd6afff7b6e05ee7021c47aee0953b31c0030092762b41815389c523f022100b5cb901c2eee61091dea87d53fcdda19e9da866a39d257ac2de919a33104545e:922c64590222798bb761d5b6d8e72950