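# Nuclei file-protocol template: reports a file whose SHA-256 equals one of
# the four hashes listed in the matcher below.
#
# Scope of the detection: this is an exact-hash match, so it only recognises
# byte-identical copies of the listed samples. A repacked, patched or truncated
# sample has a different hash and will not match, so a clean run is not
# evidence that the host is free of KillDisk.
id: blackenergy-killdisk-malware-hash

info:
  name: BlackEnergy KillDisk Malware Hash - Detect
  author: pussycat0x
  severity: info
  description: Detects KillDisk malware from BlackEnergy
  reference:
    # NOTE(review): presumably the hashes below come from this YARA rule set;
    # confirm against the referenced file before relying on them.
    - https://github.com/Yara-Rules/rules/blob/master/malware/APT_Blackenergy.yar
  tags: malware,blackenergy

file:
  # Every file is considered, whatever its extension.
  - extensions:
      - all

    matchers:
      # NOTE(review): the comparison is only meaningful if `raw` holds the
      # complete file contents. Confirm how the engine version in use handles
      # large files (size limits, chunked reads) before trusting a negative.
      - type: dsl
        dsl:
          - "sha256(raw) == '11b7b8a7965b52ebb213b023b6772dd2c76c66893fc96a18a9a33c8cf125af80'"
          - "sha256(raw) == '5d2b1abc7c35de73375dd54a4ec5f0b060ca80a1831dac46ad411b4fe4eac4c6'"
          - "sha256(raw) == 'c7536ab90621311b526aefd56003ef8e1166168f038307ae960346ce8f75203d'"
          - "sha256(raw) == 'f52869474834be5a6b5df7f8f0c46cbc7e9b22fa5cb30bee0f363ec6eb056b95'"
        # Any single hash equality is enough for a hit.
        condition: or
# NOTE(review): the digest below was published with the original template
# text. It presumably no longer verifies once the text is edited (comments
# included), so re-sign the template before distributing a modified copy.
# digest: 4a0a0047304502202458980ebea305eb929ecde0f231be11033f344aa6579fd33fe4002bdb7dad5b022100dbbbe9b8f9f64dbaa08349d818b345c64550f8cfb123d517764b5cc29cfc0ff3:922c64590222798bb761d5b6d8e72950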