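# Nuclei file-protocol template: reports any scanned file whose SHA-256 equals
# one of the sample hashes attributed to the Greenbug incident.
# Matching is exact: a sample that differs by one byte (repacked, recompiled,
# padded) hashes differently and is not reported, so a clean run is not
# evidence of absence. Use the content-based YARA rule listed under `reference`
# alongside this template to cover variants.
id: greenbug-malware-hash

info:
  name: Greenbug Malware Hash - Detect
  author: pussycat0x
  # `info` follows the template's own rating; a hit still means a known sample
  # hash was found on disk and should be triaged as such.
  severity: info
  description: |
    Detects Malware from Greenbug Incident
  reference:
    # NOTE(review): a shortened link hides its destination and may stop
    # resolving; replace it with the expanded URL once that has been verified.
    - https://goo.gl/urp4CD
    - https://github.com/Yara-Rules/rules/blob/master/malware/APT_Greenbug.yar
  tags: malware,Greenbug

file:
  - extensions:
      # `all` applies the matchers to every file, whatever its extension.
      - all

    matchers:
      - type: dsl
        # NOTE(review): sha256(raw) equals the file's hash only when `raw` holds
        # the complete file; confirm how the engine's file-size limit or
        # chunking treats large files before relying on a negative result.
        # Each hash is listed once: under `condition: or` a repeated entry adds
        # no coverage.
        dsl:
          - "sha256(raw) == 'dab460a0b73e79299fbff2fa301420c1d97a36da7426acc0e903c70495db2b76'"
          - "sha256(raw) == '6b28a43eda5b6f828a65574e3f08a6d00e0acf84cbb94aac5cec5cd448a4649d'"
          - "sha256(raw) == '21f5e60e9df6642dbbceca623ad59ad1778ea506b7932d75ea8db02230ce3685'"
          # NOTE(review): the next value is 63 hex characters; a SHA-256 digest
          # is 64, so this comparison can never be true. Restore the full hash
          # from the source report or the referenced YARA rule.
          - "sha256(raw) == '319a001d09ee9d754e8789116bbb21a3c624c999dae9cf83fde90a3fbe67ee6'"
          - "sha256(raw) == '44bdf5266b45185b6824898664fd0c0f2039cdcb48b390f150e71345cd867c49'"
          - "sha256(raw) == '7f16824e7ad9ee1ad2debca2a22413cde08f02ee9f0d08d64eb4cb318538be9c'"
          - "sha256(raw) == '308a646f57c8be78e6a63ffea551a84b0ae877b23f28a660920c9ba82d57748f'"
          - "sha256(raw) == '82beaef407f15f3c5b2013cb25901c9fab27b086cadd35149794a25dce8abcb9'"
        condition: or
# The digest below is the template's signature. It is bound to the template
# text, so any edit to this file invalidates it; re-sign the template before
# treating it as verified.
# digest: 4a0a00473045022077930b63738553480367e50314899ea548fca78cf499bfa0b139e798e7af18e10221008a78bcf158ccf90ec42fc2fca2f4bab5b64c36395f1913f238cd66f65ac0307f:922c64590222798bb761d5b6d8e72950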