nuclei-templates/file/malware/hash/bluelight-malware-hash.yaml


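# Nuclei file-protocol template: flags files whose SHA-256 matches one of the
# three known BLUELIGHT sample hashes published in Volexity's InkySquid
# indicators (see `reference`). Structure below is restored to valid
# two-space indentation; the flattened original is not parseable as nuclei
# expects (every key at column 0 breaks the info/file nesting).
id: bluelight-malware-hash

info:
  name: bluelight Malware Hash - Detect
  author: pussycat0x
  severity: info
  description: North Korean origin malware which uses a custom Google App for C2 communications.
  reference:
    - https://github.com/volexity/threat-intel/blob/main/2021/2021-08-17%20-%20InkySquid%20Part%201/indicators/yara.yar
  tags: malware,inkysquid

file:
  # `all` disables the extension filter, so every file in the scanned
  # directory is hashed, not only executables.
  - extensions:
      - all
    matchers:
      - type: dsl
        # `raw` is the file content as nuclei exposes it to the DSL; each
        # expression is an exact SHA-256 equality, so this matcher only
        # catches these three byte-identical samples. A repacked or patched
        # build will not match — pair this with the referenced YARA rule for
        # broader coverage and treat a hit as high-confidence, not exhaustive.
        dsl:
          - "sha256(raw) == '837eaf7b736583497afb8bbdb527f70577901eff04cc69d807983b233524bfed'"
          - "sha256(raw) == '7c40019c1d4cef2ffdd1dd8f388aaba537440b1bffee41789c900122d075a86d'"
          - "sha256(raw) == '94b71ee0861cc7cfbbae53ad2e411a76f296fd5684edf6b25ebe79bf6a2a600a'"
        # Any single hash match is sufficient for a finding.
        condition: or
# NOTE(review): the digest line is nuclei's template signature over the file
# body; presumably any edit to the template (comments included) invalidates it
# and the template must be re-signed — confirm against the project's signing
# workflow before committing.
# digest: 4b0a00483046022100bee4e8268cf26453045145f505f3aa37568f85c67d982701b3d3c06b750a3dc4022100adbefd57c061ddfe5ab00a929baa9e8eecf250eac26791bf3d0e80bf58544170:922c64590222798bb761d5b6d8e72950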