id: blackenergy-driver-malware-hash

info:
  name: BlackEnergy Driver USBMDM Malware Hash - Detect
  author: pussycat0x
  severity: info
  description: Auto-generated rule - detects BlackEnergy Driver USBMDM malware
  reference:
    - http://www.welivesecurity.com/2016/01/03/blackenergy-sshbeardoor-details-2015-attacks-ukrainian-news-media-electric-industry
  tags: malware,blackenergy

file:
  - extensions:
      - all

    matchers:
      - type: dsl
        dsl:
          - "sha256(raw) == '7874a10e551377d50264da5906dc07ec31b173dee18867f88ea556ad70d8f094'"
          - "sha256(raw) == 'b73777469f939c331cbc1c9ad703f973d55851f3ad09282ab5b3546befa5b54a'"
          - "sha256(raw) == 'edb16d3ccd50fc8f0f77d0875bf50a629fa38e5ba1b8eeefd54468df97eba281'"
          - "sha256(raw) == 'ac13b819379855af80ea3499e7fb645f1c96a4a6709792613917df4276c583fc'"
          - "sha256(raw) == '7a393b3eadfc8938cbecf84ca630e56e37d8b3d23e084a12ea5a7955642db291'"
          - "sha256(raw) == '405013e66b6f137f915738e5623228f36c74e362873310c5f2634ca2fda6fbc5'"
          - "sha256(raw) == '244dd8018177ea5a92c70a7be94334fa457c1aab8a1c1ea51580d7da500c3ad5'"
          - "sha256(raw) == 'edcd1722fdc2c924382903b7e4580f9b77603110e497393c9947d45d311234bf'"
        condition: or
# digest: 4a0a004730450220182af1b18ad6459798f42c01ed4e25e60016e88d3ce86dd0346dd7e268c13f3a022100d62cbcdbb932d6f7d196c33119c356b0cbd4a98e2d69c823c981d83ee5043af7:922c64590222798bb761d5b6d8e72950