# Nuclei file-protocol template: flags on-disk copies of the BlackEnergy
# "AMDIDE" driver component by exact SHA-256 match against known samples.
id: blackenergy-driver-amdide-hash

info:
  name: Blackenergy-Driver Amdide Hash - Detect
  author: pussycat0x
  # info-level: the template only classifies a file; it takes no action on it.
  severity: info
  # Block scalar (|) keeps the trailing newline in the description text.
  description: |
    Detects the AMDIDE driver from BlackEnergy malware
  # Background reading on the 2015 attacks named in the URL; not used at scan time.
  reference:
    - http://www.welivesecurity.com/2016/01/03/blackenergy-sshbeardoor-details-2015-attacks-ukrainian-news-media-electric-industry/
  # Comma-separated string, used for template selection by tag.
  tags: malware,blackenergy

file:
  # "all": every file under the scan target is hashed regardless of its
  # extension, so a renamed copy of the driver is still checked.
  - extensions:
      - all

    matchers:
      - type: dsl
        # Each expression hashes the whole file content (`raw`) and compares it
        # with one known-sample SHA-256. These are exact-match IoCs: a sample
        # that differs by even one byte (repacked, padded, re-signed) will not
        # match, so this detects known copies only, not the family in general.
        dsl:
          - "sha256(raw) == '32d3121135a835c3347b553b70f3c4c68eef711af02c161f007a9fbaffe7e614'"
          - "sha256(raw) == '3432db9cb1fb9daa2f2ac554a0a006be96040d2a7776a072a8db051d064a8be2'"
          - "sha256(raw) == '90ba78b6710462c2d97815e8745679942b3b296135490f0095bdc0cd97a34d9c'"
          - "sha256(raw) == '97be6b2cec90f655ef11ed9feef5b9ef057fd8db7dd11712ddb3702ed7c7bda1'"
          - "sha256(raw) == '5111de45210751c8e40441f16760bf59856ba798ba99e3c9532a104752bf7bcc'"
          - "sha256(raw) == 'cbc4b0aaa30b967a6e29df452c5d7c2a16577cede54d6d705ca1f095bd6d4988'"
          - "sha256(raw) == '1ce0dfe1a6663756a32c69f7494ad082d293d32fe656d7908fb445283ab5fa68'"
        # Any single hash match is enough to report the file.
        condition: or
# Template signature produced by the template repository's signing tooling.
# It covers the template body above, so any edit to it (presumably comments
# included) invalidates the signature; re-sign after changes or expect the
# scanner to treat the template as unsigned/unverified.
# digest: 4b0a004830460221009e755cb9b884c78a81ebf3c11bdecc13822a87e81b7f2aadb0386c4b3d0505f3022100c44721811a65d9293b7a5cec15ad9a83ba3180b5c373c7b508cf35c6679994e0:922c64590222798bb761d5b6d8e72950