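# Nuclei file-protocol template: reports a file whose SHA-256 equals one of the
# nine hashes listed under `matchers`.
#
# Detection scope: an exact-hash comparison only identifies byte-identical
# copies of the listed samples. A repacked, patched or recompiled sample
# produces a different SHA-256 and is not reported, so a clean result here is
# not evidence that a host is free of this family. Pair it with content-based
# rules such as the YARA rule listed under `reference`.
id: industroyer-malware-hash

info:
  name: Industroyer Malware Hash - Detect
  author: pussycat0x
  severity: info
  description: Detects Industroyer related malware
  reference:
    # Shortened link: the destination is not visible from this file. Replace
    # it with the expanded URL once confirmed so the source of the indicators
    # can be audited.
    - https://goo.gl/x81cSy
    - https://github.com/Yara-Rules/rules/blob/master/malware/APT_Industroyer.yar
  tags: malware,industroyer,apt

file:
  # `all` means every file is hashed, whatever its extension.
  - extensions:
      - all

    matchers:
      - type: dsl
        # NOTE(review): the comparison assumes `raw` holds the complete file
        # contents. Confirm how your nuclei version handles files above the
        # file protocol's size limit; a truncated or chunked `raw` can never
        # equal a whole-file hash.
        dsl:
          - "sha256(raw) == 'ad23c7930dae02de1ea3c6836091b5fb3c62a89bf2bcfb83b4b39ede15904910'"
          - "sha256(raw) == '018eb62e174efdcdb3af011d34b0bf2284ed1a803718fba6edffe5bc0b446b81'"
          - "sha256(raw) == '3e3ab9674142dec46ce389e9e759b6484e847f5c1e1fc682fc638fc837c13571'"
          - "sha256(raw) == '37d54e3d5e8b838f366b9c202f75fa264611a12444e62ae759c31a0d041aa6e4'"
          - "sha256(raw) == 'ecaf150e087ddff0ec6463c92f7f6cca23cc4fd30fe34c10b3cb7c2a6d135c77'"
          - "sha256(raw) == '6d707e647427f1ff4a7a9420188a8831f433ad8c5325dc8b8cc6fc5e7f1f6f47'"
          - "sha256(raw) == '893e4cca7fe58191d2f6722b383b5e8009d3885b5913dcd2e3577e5a763cdb3f'"
          - "sha256(raw) == '21c1fdd6cfd8ec3ffe3e922f944424b543643dbdab99fa731556f8805b0d5561'"
          - "sha256(raw) == '7907dd95c1d36cf3dc842a1bd804f0db511a0f68f4b3d382c23a3c974a383cad'"
        # A single matching hash is enough to report the file.
        condition: or
# The trailing digest is the template signature. It was produced over the
# original file contents, so it should be treated as stale after any edit
# (this layout restoration included) and the template re-signed before it is
# relied on as a trusted template.
# digest: 4b0a0048304602210080c6157e9dddd2e4fe5922dd89a088a382a7a9dcabcf3ed2be3ff364360e98c1022100da6a030cb87f7367d5c71f98b05dfa0a58e549c124b8a9f0f51bb91e759a6739:922c64590222798bb761d5b6d8e72950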