# Static IoC check: reports a file when the SHA-256 of its content equals one
# of the eight digests listed under `matchers`. The layout looks like a Nuclei
# file-protocol template (NOTE(review): indentation was lost in the page
# rendering and is reconstructed here - confirm against the upstream file).
#
# Scope of the detection: an exact-hash comparison only recognises these
# specific binaries. A sample that differs by a single byte (rebuilt,
# re-signed, repacked) produces a different digest and will not match, so a
# clean run is not evidence that the malware family is absent. Use this
# alongside content- or behaviour-based detection rather than instead of it.
id: blackenergy-driver-malware-hash
info:
  name: BlackEnergy Driver USBMDM Malware Hash - Detect
  author: pussycat0x
  # `info` is the author's rating of the rule itself. NOTE(review): a hit
  # means the scanned file is byte-identical to a listed sample; triage it
  # on that basis rather than by this label.
  severity: info
  description: Auto-generated rule - detects BlackEnergy Driver USBMDM malware
  reference:
    # Vendor write-up the rule points to as its source (plain-http link).
    - http://www.welivesecurity.com/2016/01/03/blackenergy-sshbeardoor-details-2015-attacks-ukrainian-news-media-electric-industry
  tags: malware,blackenergy

file:
  # `all` applies no extension filter here.
  # NOTE(review): the scanning engine may still skip files through its own
  # default deny list or size limit - confirm what is actually hashed.
  - extensions:
      - all

    matchers:
      - type: dsl
        # Each expression compares sha256(raw) with one fixed digest.
        # NOTE(review): this assumes `raw` holds the complete file content;
        # if the engine feeds large files in chunks, the digest would not be
        # the whole-file hash - verify for the file sizes being scanned.
        dsl:
          - "sha256(raw) == '7874a10e551377d50264da5906dc07ec31b173dee18867f88ea556ad70d8f094'"
          - "sha256(raw) == 'b73777469f939c331cbc1c9ad703f973d55851f3ad09282ab5b3546befa5b54a'"
          - "sha256(raw) == 'edb16d3ccd50fc8f0f77d0875bf50a629fa38e5ba1b8eeefd54468df97eba281'"
          - "sha256(raw) == 'ac13b819379855af80ea3499e7fb645f1c96a4a6709792613917df4276c583fc'"
          - "sha256(raw) == '7a393b3eadfc8938cbecf84ca630e56e37d8b3d23e084a12ea5a7955642db291'"
          - "sha256(raw) == '405013e66b6f137f915738e5623228f36c74e362873310c5f2634ca2fda6fbc5'"
          - "sha256(raw) == '244dd8018177ea5a92c70a7be94334fa457c1aab8a1c1ea51580d7da500c3ad5'"
          - "sha256(raw) == 'edcd1722fdc2c924382903b7e4580f9b77603110e497393c9947d45d311234bf'"
        # `or`: any single expression being true is enough for a match.
        condition: or
# Signature trailer for the template. NOTE(review): presumably computed over
# the template body, so any edit above (including added comments) would
# invalidate it - re-sign with your own key before loading the modified file.
# digest: 4a0a004730450220182af1b18ad6459798f42c01ed4e25e60016e88d3ce86dd0346dd7e268c13f3a022100d62cbcdbb932d6f7d196c33119c356b0cbd4a98e2d69c823c981d83ee5043af7:922c64590222798bb761d5b6d8e72950