21 lines
764 B
YAML
21 lines
764 B
YAML
id: passcv-signingcert-malware-hash
|
|
info:
|
|
name: PassCV Sabre Malware Signing Cert Hash - Detect
|
|
author: pussycat0x
|
|
severity: info
|
|
description: |
|
|
PassCV Malware mentioned in Cylance Report
|
|
reference:
|
|
- https://blog.cylance.com/digitally-signed-malware-targeting-gaming-companies
|
|
- https://github.com/Yara-Rules/rules/blob/master/malware/APT_Passcv.yar
|
|
tags: malware,passcv
|
|
|
|
file:
|
|
- extensions:
|
|
- all
|
|
|
|
matchers:
|
|
- type: dsl
|
|
dsl:
|
|
- "sha256(raw) == '7c32885c258a6d5be37ebe83643f00165da3ebf963471503909781540204752e'"
|
|
# digest: 490a0046304402204af796f5fa792d02c6a8bb14ae8eb53f61509ac8c892258295432da49fdbc1480220362b731e34545f2a4bee533332d1a6a3aea6d77212f65e8f828008eb4f292d35:922c64590222798bb761d5b6d8e72950 |