nuclei-templates/file/malware/hash/revil-ransomware-hash.yaml

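# Nuclei file-protocol template: reports a file whose SHA-256 equals one of
# the three sample hashes listed under `matchers`.
# NOTE(review): id/name say "Revil" while both reference URLs name "Revix"
# (Linux) - presumably the Linux variant of REvil; confirm the family name
# against the references before quoting it in a report.
id: revil-ransomware-hash

info:
  name: Revil Ransomware Hash - Detect
  author: pussycat0x
  # `info` is only the template's label. A hit means a file byte-identical to
  # one of the listed samples is on the scanned path, so route matches to
  # incident response instead of filtering them out as low-severity noise.
  severity: info
  description: Detect Revil Ransomware.
  reference:
    - https://angle.ankura.com/post/102hcny/revix-linux-ransomware
    - https://github.com/Yara-Rules/rules/blob/master/malware/RANSOM_Revix.yar
  tags: ransomware,malware

file:
  # A hash IoC does not depend on the file name, so every extension is
  # requested.
  # NOTE(review): check whether the engine's built-in extension denylist or
  # its `max-size` limit still skips or truncates some files when `all` is
  # set; `sha256(raw)` can only equal a listed hash if `raw` is the complete
  # file content.
  - extensions:
      - all
    matchers:
      # Exact-hash matching: only byte-identical copies of these samples
      # match. A repacked, patched or rebuilt sample has a different SHA-256
      # and is missed, so pair this with content-based detection such as the
      # YARA rule listed under `reference`.
      - type: dsl
        dsl:
          - "sha256(raw) == 'f864922f947a6bb7d894245b53795b54b9378c0f7633c521240488e86f60c2c5'"
          - "sha256(raw) == '559e9c0a2ef6898fabaf0a5fb10ac4a0f8d721edde4758351910200fe16b5fa7'"
          - "sha256(raw) == 'ea1872b2835128e3cb49a0bc27e4727ca33c4e6eba1e80422db19b505f965bc4'"
        # Any single listed hash is sufficient for a match.
        condition: or
# NOTE(review): the trailing digest comment is the upstream template
# signature. Any edit to the template body (comments included, as far as the
# signer is concerned - confirm) is expected to invalidate it; re-sign before
# relying on signature verification.
# digest: 4a0a00473045022100a0fb80f742f83b56f947a72305aba5f437fdb09c42c19f64005fd27f19dfbd890220334bc54f426a0027eeeabc1a9cbca96a9b84a92ca1173da50ffd112b07f9c3e9:922c64590222798bb761d5b6d8e72950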