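# Nuclei file-protocol template: reports a file when the SHA-256 of its raw
# contents equals one of the three sample hashes listed under `dsl`.
#
# Detection scope: this is an exact-hash indicator. Any byte-level change to a
# sample (repacking, rebuilt config, appended data) yields a different digest,
# so a clean run is not evidence that the family is absent. Use it alongside
# content-based rules such as the YARA rule linked in `reference`.
id: revil-ransomware-hash

info:
  name: Revil Ransomware Hash - Detect
  author: pussycat0x
  # NOTE(review): a match means a known ransomware binary is present on the
  # scanned filesystem; confirm that "info" findings are not filtered out or
  # deprioritised by downstream triage before relying on this template.
  severity: info
  description: Detect Revil Ransomware.
  # Both links concern Revix, the Linux variant; the hashes below presumably
  # originate from these sources - verify provenance before extending the list.
  reference:
    - https://angle.ankura.com/post/102hcny/revix-linux-ransomware
    - https://github.com/Yara-Rules/rules/blob/master/malware/RANSOM_Revix.yar
  tags: ransomware,malware

# `file` and `matchers` are sequences in the nuclei template schema, so each
# entry is written as a list item.
file:
  - extensions:
      # Hash every file regardless of extension; sample names are not stable.
      - all

    # NOTE(review): files skipped or truncated by the engine's size limit
    # cannot match a whole-file digest - check that limit for large scan roots.
    matchers:
      - type: dsl
        dsl:
          - "sha256(raw) == 'f864922f947a6bb7d894245b53795b54b9378c0f7633c521240488e86f60c2c5'"
          - "sha256(raw) == '559e9c0a2ef6898fabaf0a5fb10ac4a0f8d721edde4758351910200fe16b5fa7'"
          - "sha256(raw) == 'ea1872b2835128e3cb49a0bc27e4727ca33c4e6eba1e80422db19b505f965bc4'"
        # Any single hash match is sufficient to report the file.
        condition: or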