30 lines
1.5 KiB
YAML
30 lines
1.5 KiB
YAML
id: passcv-sabre-malware-hash
|
|
info:
|
|
name: PassCV Sabre Malware Hash - Detect
|
|
author: pussycat0x
|
|
severity: info
|
|
description: |
|
|
PassCV Malware mentioned in Cylance Report
|
|
reference:
|
|
- https://blog.cylance.com/digitally-signed-malware-targeting-gaming-companies
|
|
- https://github.com/Yara-Rules/rules/blob/master/malware/APT_Passcv.yar
|
|
tags: malware,passcv
|
|
|
|
file:
|
|
- extensions:
|
|
- all
|
|
|
|
matchers:
|
|
- type: dsl
|
|
dsl:
|
|
- "sha256(raw) == '24a9bfbff81615a42e42755711c8d04f359f3bf815fb338022edca860ff1908a'"
|
|
- "sha256(raw) == 'e61e56b8f2666b9e605127b4fcc7dc23871c1ae25aa0a4ea23b48c9de35d5f55'"
|
|
- "sha256(raw) == '475d1c2d36b2cf28b28b202ada78168e7482a98b42ff980bbb2f65c6483db5b4'"
|
|
- "sha256(raw) == '009645c628e719fad2e280ef60bbd8e49bf057196ac09b3f70065f1ad2df9b78'"
|
|
- "sha256(raw) == '92479c7503393fc4b8dd7c5cd1d3479a182abca3cda21943279c68a8eef9c64b'"
|
|
- "sha256(raw) == '0c7b952c64db7add5b8b50b1199fc7d82e9b6ac07193d9ec30e5b8d353b1f6d2'"
|
|
- "sha256(raw) == '28c7575b2368a9b58d0d1bf22257c4811bd3c212bd606afc7e65904041c29ce1'"
|
|
- "sha256(raw) == '27463bcb4301f0fdd95bc10bf67f9049e161a4e51425dac87949387c54c9167f'"
|
|
- "sha256(raw) == '03aafc5f468a84f7dd7d7d38f91ff17ef1ca044e5f5e8bbdfe589f5509b46ae5'"
|
|
condition: or
|
|
# digest: 4b0a00483046022100bb57b949c8e28620c7417e341c8d9a8907fb74729ce011786c24a92b4ca22e35022100893e162903cd2ff3df101f8387cc853547dcfe05ea302b155a275de2e9c41a55:922c64590222798bb761d5b6d8e72950 |