id: disgomoji-malware-hash

info:
  name: DISGOMOJI Malware Hash - Detect
  author: pussycat0x
  severity: info
  description: Detects DISGOMOJI modules based on strings in the ELF.
  reference:
    - https://github.com/volexity/threat-intel/blob/main/2024/2024-06-13%20DISGOMOJI/indicators/rules.yar
  tags: malware,disgomoji

file:
  - extensions:
      - all

    matchers:
      - type: dsl
        dsl:
          - "sha256(raw) == '2abaae4f6794131108adf5b42e09ee5ce24769431a0e154feabe6052cfe70bf3'"
# digest: 4b0a00483046022100f4dd415de9758c33403ccdc3b73573fa19b2af5574765856c455437f5fe08b900221009cadd9822eb7d450cbea102040895e61f38ecdb8088f8bcc60f7e70c866dc0f5:922c64590222798bb761d5b6d8e72950