id: upstyle-malware-hash

info:
  name: Upstyle Malware Hash - Detect
  author: Kazgangap
  severity: info
  reference:
    - https://github.com/volexity/threat-intel/blob/main/2024/2024-04-12%20Palo%20Alto%20Networks%20GlobalProtect/indicators/rules.yar
  tags: malware,upstyle

file:
  - extensions:
      - all

    matchers:
      - type: dsl
        dsl:
          - "sha256(raw) == '3de2a4392b8715bad070b2ae12243f166ead37830f7c6d24e778985927f9caac'"
          - "sha256(raw) == '0d59d7bddac6c22230187ef6cf7fa22bca93759edc6f9127c41dc28a2cea19d8'"
          - "sha256(raw) == '4dd4bd027f060f325bf6a90d01bfcf4e7751a3775ad0246beacc6eb2bad5ec6f'"
        condition: or
# digest: 4b0a00483046022100b6cc6e0f799d614a9e954df8873a2ca213babf635e58744722e7c622bbf1b8aa022100acb59a4fd79b7c0332adff6600f0c308b607bf6f8e4678aad2fde28f68d44e7a:922c64590222798bb761d5b6d8e72950