28 lines
1.4 KiB
YAML
28 lines
1.4 KiB
YAML
id: purplewave-malware-hash
|
|
info:
|
|
name: PurpleWave v1.0 Malware Hash - Detect
|
|
author: pussycat0x
|
|
severity: info
|
|
reference:
|
|
- https://twitter.com/3xp0rtblog/status/1289125217751781376
|
|
- https://github.com/Yara-Rules/rules/blob/master/malware/MALW_PurpleWave.yar
|
|
tags: malware,apt,purplewave
|
|
|
|
file:
|
|
- extensions:
|
|
- all
|
|
|
|
matchers:
|
|
- type: dsl
|
|
dsl:
|
|
- "sha256(raw) == '7de7b866c46f34be28f7085fb1a1727ab939d65abd3128871fb68c42371af2df'"
|
|
- "sha256(raw) == '76bffcf04104a1c4e6a5792d3795d1a03c7497a274042889b8f44c8f8facc304'"
|
|
- "sha256(raw) == '832d667b00c07424f050f84e717f8db22833b1e8e131aa7a33de739c4f4b4cdd'"
|
|
- "sha256(raw) == '917057a6a03252bc2525b326a63111fce050fc86e6e3b26fa9e452489f1358b9'"
|
|
- "sha256(raw) == 'a8577e1ccad877ae5ff4bf89aa578989404643c6fdf10baafd4335a1766abb16'"
|
|
- "sha256(raw) == 'd5ec98c98a8f56fdeb00cc2404c4527a39726bf43d8b9cf6c4c8c36364f94161'"
|
|
- "sha256(raw) == 'd820ec7f9196a5cc3dbc2b5860334a2e174fede80efc3b8463756fb8767dddf9'"
|
|
- "sha256(raw) == 'd4572e26b9e6ce963af590979afe3df6e1be78aa8ec0e926e77b0affb7ab1554'"
|
|
- "sha256(raw) == '4b3cb90581dcd77c9ceffbd662b8dac70b68de5a03cd56940434cc035209d61d'"
|
|
condition: or
|
|
# digest: 4a0a0047304502200a8245b0a3c7375545abcabcb3b33ffcff0a1eeb20bd2fc61b2cedd412a97af4022100f83b9afd37e264a8aad2d6e2fa7578dabf98dd1c0026bbe56e2c7b4a83067a19:922c64590222798bb761d5b6d8e72950 |