21 lines
752 B
YAML
21 lines
752 B
YAML
id: sofacy-winexe-malware-hash
|
|
info:
|
|
name: Sofacy Group Winexe Tool Hash - Detect
|
|
author: pussycat0x
|
|
severity: info
|
|
description: |
|
|
Winexe tool used by Sofacy group in Bundestag APT.
|
|
reference: |
|
|
- http://dokumente.linksfraktion.de/inhalt/report-orig.pdf
|
|
- https://github.com/Yara-Rules/rules/blob/master/malware/APT_Sofacy_Bundestag.yar
|
|
tags: malware,sofacy
|
|
|
|
file:
|
|
- extensions:
|
|
- exe
|
|
|
|
matchers:
|
|
- type: dsl
|
|
dsl:
|
|
- "sha256(raw) == '5130f600cd9a9cdc82d4bad938b20cbd2f699aadb76e7f3f1a93602330d9997d'"
|
|
# digest: 4a0a00473045022100bfa5f862b9a3d7ae378db20014a21abcaa89423a54f5cb610e7052fd39b010f602204fab7ff0a1e46cb6f2fb4e58ce4fba4fd26a2a2ea86ef56bebeb62c576f4db1a:922c64590222798bb761d5b6d8e72950 |