nuclei-templates/file/malware/hash/blackenergy-killdisk-malwar...


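# Nuclei file-protocol template: flags any scanned file whose SHA-256 equals
# one of four hashes listed below for BlackEnergy KillDisk samples.
#
# Scope of detection: this is an exact-hash match. A sample that differs by
# even one byte (repacked, patched, re-signed, truncated) produces a different
# SHA-256 and will not match, so a clean result here is not evidence that a
# host is free of KillDisk. Pair it with content-based detection such as YARA
# rules (see the reference below).
id: blackenergy-killdisk-malware-hash

info:
  name: BlackEnergy KillDisk Malware Hash - Detect
  author: pussycat0x
  # NOTE(review): a hit means a file with a known-bad hash is on disk.
  # Pipelines that filter on severity may drop `info` results; confirm this
  # template's findings are still routed to whoever handles triage.
  severity: info
  description: Detects KillDisk malware from BlackEnergy
  reference:
    - https://github.com/Yara-Rules/rules/blob/master/malware/APT_Blackenergy.yar
  tags: malware,blackenergy

file:
  # `all` asks the file protocol to consider every extension.
  # NOTE(review): the file protocol also has size-limit and denylist settings
  # (`max-size`, `denylist`); confirm the values in effect do not skip the
  # executables you expect to be scanned.
  - extensions:
      - all

    matchers:
      # Each expression compares the SHA-256 of `raw` with one known hash.
      # NOTE(review): assumes `raw` holds the complete file content, so that
      # the digest is a whole-file hash - confirm for large files.
      - type: dsl
        dsl:
          - "sha256(raw) == '11b7b8a7965b52ebb213b023b6772dd2c76c66893fc96a18a9a33c8cf125af80'"
          - "sha256(raw) == '5d2b1abc7c35de73375dd54a4ec5f0b060ca80a1831dac46ad411b4fe4eac4c6'"
          - "sha256(raw) == 'c7536ab90621311b526aefd56003ef8e1166168f038307ae960346ce8f75203d'"
          - "sha256(raw) == 'f52869474834be5a6b5df7f8f0c46cbc7e9b22fa5cb30bee0f363ec6eb056b95'"
        # Any single hash match is enough to report the file.
        condition: or
# Signature trailer kept from the original template. It was computed over the
# original text, so it is not expected to verify after the template has been
# reformatted or commented; re-sign before relying on signature verification.
# digest: 4a0a0047304502202458980ebea305eb929ecde0f231be11033f344aa6579fd33fe4002bdb7dad5b022100dbbbe9b8f9f64dbaa08349d818b345c64550f8cfb123d517764b5cc29cfc0ff3:922c64590222798bb761d5b6d8e72950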