nuclei-templates/file/malware/hash/neuron2-malware-hash.yaml


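# Flags any scanned file whose SHA-256 equals one of the two sample digests
# listed under `dsl`. The template name and references associate those samples
# with the Neuron2 loader (Turla).
#
# Signing: the trailing `# digest:` line is a signature for this template.
# Any change to the lines above it is expected to invalidate that signature,
# so re-sign after editing and treat a template that fails verification as
# untrusted until its origin is confirmed.
id: neuron2-malware-hash

info:
  name: Neuron2 Loader Strings Turla APT loader Hash - Detect
  author: pussycat0x
  # This is the template's rating, not the incident's: a hit is an exact match
  # on a known sample and should be triaged as a possible compromise.
  severity: info
  # Written as a sequence rather than a `|` block scalar, so each URL is its
  # own entry instead of one multi-line string with literal "- " prefixes.
  reference:
    - https://www.ncsc.gov.uk/alerts/turla-group-malware
    - https://github.com/Yara-Rules/rules/blob/master/malware/APT_Turla_Neuron.yar
  tags: malware,turla,neuron2,apt

file:
  # `all` applies the check regardless of file extension. Files the scanner
  # skips (for example through its `max-size` or `denylist` settings) are
  # never hashed, so no match does not mean the file is clean.
  - extensions:
      - all

    matchers:
      # Exact-hash matching only catches byte-identical copies of the two
      # samples; a rebuilt or repacked variant will not match. Pair this with
      # the string-based YARA rule in the references for broader coverage.
      # NOTE(review): the comparison relies on `raw` holding the complete
      # file contents when the expression is evaluated; confirm against the
      # engine's file-read behaviour before treating a clean scan as negative.
      - type: dsl
        dsl:
          - "sha256(raw) == '51616b207fde2ff1360a1364ff58270e0d46cf87a4c0c21b374a834dd9676927'"
          - "sha256(raw) == '83d8922e7a8212f1a2a9015973e668d7999b90e7000c31f57be83803747df015'"
        # Either digest is sufficient for a match.
        condition: or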
# digest: 4a0a00473045022100b91242669db5c8dd0752bac8fb27f0341d9c54b95649fde172eddb7f11e42cb6022054904c777180e063b25b9ff387271f645a7b48bc1579bf75bae794434bfc6278:922c64590222798bb761d5b6d8e72950