nuclei-templates/file/malware/hash/petya-ransomware-hash.yaml

id: petya-ransomware-hash
info:
  name: Petya Ransomware Hash - Detect
  author: pussycat0x
  severity: info
  description: |
    Detects Petya Ransomware.    
  reference:
    - http://www.heise.de/newsticker/meldung/Erpressungs-Trojaner-Petya-riegelt-den-gesamten-Rechner-ab-3150917.html
  tags: ransomware,malware

file:
  - extensions:
      - all

    matchers:
      - type: dsl
        dsl:
          - "sha256(raw) == '26b4699a7b9eeb16e76305d843d4ab05e94d43f3201436927e13b3ebafa90739'"
# digest: 490a0046304402206950b3d50bc113cfdcd2589c898ab99867e66e02123ae45c6952bce84c16a68f022011d17a5ae03002933cbbb1c55b298538f6d90040d716ead75525777d1b27e01b:922c64590222798bb761d5b6d8e72950