
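# Nuclei file-protocol template: reports a scanned file whose SHA-256 equals
# one of the three fixed hashes listed under `matchers`.
id: sfxrar-acrotray-malware-hash

info:
  name: SFXRAR Acrotray Malware Hash - Detect
  author: pussycat0x
  # NOTE(review): `info` results are commonly dropped by severity filters;
  # confirm that a hit from this template still reaches triage.
  severity: info
  # Sources cited by the author: the APT_Cloudduke YARA rule file and a vendor
  # write-up.
  reference:
    - https://github.com/Yara-Rules/rules/blob/master/malware/APT_Cloudduke.yar
    - https://www.f-secure.com/weblog/archives/00002822.html
  tags: malware,apt,sfx

file:
  # `all` asks the engine to consider every file extension.
  # NOTE(review): confirm that the engine's default `denylist` and `max-size`
  # limits do not skip the executables and archives this check is aimed at.
  - extensions:
      - all

    matchers:
      # Exact-digest comparison: only a byte-identical file matches, so a
      # repacked or otherwise modified sample is missed. Treat this as a
      # known-bad IoC lookup, not as family-level detection.
      # NOTE(review): assumes `raw` holds the complete file content; verify
      # with a constructed test file whose SHA-256 is known.
      - type: dsl
        dsl:
          - "sha256(raw) == '51e713c7247f978f5836133dd0b8f9fb229e6594763adda59951556e1df5ee57'"
          - "sha256(raw) == '5d695ff02202808805da942e484caa7c1dc68e6d9c3d77dc383cfa0617e61e48'"
          - "sha256(raw) == '56531cc133e7a760b238aadc5b7a622cd11c835a3e6b78079d825d417fb02198'"
        # Any single hash match is sufficient.
        condition: or
# NOTE(review): the digest below was issued for the template as published;
# presumably any edit, comments included, requires re-signing before it
# verifies again.
# digest: 4b0a00483046022100c6c00d587c785d24265f7e10ab085570073dd32002bd3e0ffad8a63068abf9a9022100d5c1fde8a605a53dc23a8f5c1c77d481a575ab9e3560d00883d94eca3eb1b3ab:922c64590222798bb761d5b6d8e72950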