27 lines
1.2 KiB
YAML
27 lines
1.2 KiB
YAML
id: unit78020-malware-hash
|
|
info:
|
|
name: Unit 78020 Malware Hash - Detect
|
|
author: pussycat0x
|
|
severity: info
|
|
description: |
|
|
Detects malware by Chinese APT PLA Unit 78020 - Generic Rule
|
|
reference: |
|
|
http://threatconnect.com/camerashy/?utm_campaign=CameraShy
|
|
https://github.com/Yara-Rules/rules/blob/master/malware/APT_Unit78020.yar
|
|
tags: malware,unit78020
|
|
|
|
file:
|
|
- extensions:
|
|
- all
|
|
|
|
matchers:
|
|
- type: dsl
|
|
dsl:
|
|
- "sha256(raw) == '2b15e614fb54bca7031f64ab6caa1f77b4c07dac186826a6cd2e254090675d72'"
|
|
- "sha256(raw) == '76c586e89c30a97e583c40ebe3f4ba75d5e02e52959184c4ce0a46b3aac54edd'"
|
|
- "sha256(raw) == '2625a0d91d3cdbbc7c4a450c91e028e3609ff96c4f2a5a310ae20f73e1bc32ac'"
|
|
- "sha256(raw) == '5c62b1d16e6180f22a0cb59c99a7743f44cb4a41e4e090b9733d1fb687c8efa2'"
|
|
- "sha256(raw) == '7b73bf2d80a03eb477242967628da79924fbe06cc67c4dcdd2bdefccd6e0e1af'"
|
|
- "sha256(raw) == '88c5be84afe20c91e4024160303bafb044f98aa5fbf8c9f9997758a014238790'"
|
|
condition: or
|
|
# digest: 4a0a00473045022100dc54d186a602d92d8a61784d00509d7e29d56e847841f083ee3b69ea346aeb8402203be2261ebe0752c89b61e478caf3e2e164640ef94c04d68514a68d7b95f1e17c:922c64590222798bb761d5b6d8e72950 |