25 lines
1.1 KiB
YAML
25 lines
1.1 KiB
YAML
id: blackenergy-driver-amdide-hash
|
|
info:
|
|
name: Blackenergy-Driver Amdide Hash - Detect
|
|
description: |
|
|
Detects the AMDIDE driver from BlackEnergy malware
|
|
reference:
|
|
- http://www.welivesecurity.com/2016/01/03/blackenergy-sshbeardoor-details-2015-attacks-ukrainian-news-media-electric-industry/
|
|
tag: malware,blackenergy
|
|
|
|
file:
|
|
- extensions:
|
|
- all
|
|
|
|
matchers:
|
|
- type: dsl
|
|
dsl:
|
|
- "sha256(raw) == '32d3121135a835c3347b553b70f3c4c68eef711af02c161f007a9fbaffe7e614'"
|
|
- "sha256(raw) == '3432db9cb1fb9daa2f2ac554a0a006be96040d2a7776a072a8db051d064a8be2'"
|
|
- "sha256(raw) == '90ba78b6710462c2d97815e8745679942b3b296135490f0095bdc0cd97a34d9c'"
|
|
- "sha256(raw) == '97be6b2cec90f655ef11ed9feef5b9ef057fd8db7dd11712ddb3702ed7c7bda1'"
|
|
- "sha256(raw) == '5111de45210751c8e40441f16760bf59856ba798ba99e3c9532a104752bf7bcc'"
|
|
- "sha256(raw) == 'cbc4b0aaa30b967a6e29df452c5d7c2a16577cede54d6d705ca1f095bd6d4988'"
|
|
- "sha256(raw) == '1ce0dfe1a6663756a32c69f7494ad082d293d32fe656d7908fb445283ab5fa68'"
|
|
condition: or
|