mirror of
https://github.com/projectdiscovery/nuclei-templates.git
synced 2026-01-31 15:53:33 +08:00
30 lines
1.6 KiB
YAML
30 lines
1.6 KiB
YAML
id: turla-malware-hash
|
|
info:
|
|
name: Turla APT Malware - Detect
|
|
author: pussycat0x
|
|
severity: info
|
|
description: Detects Turla malware based on sample used in the RUAG APT case
|
|
reference:
|
|
- https://www.govcert.admin.ch/blog/22/technical-report-about-the-ruag-espionage-case
|
|
- https://github.com/Yara-Rules/rules/blob/master/malware/APT_Turla_RUAG.yar
|
|
tags: malware,turla,apt,ruag
|
|
|
|
file:
|
|
- extensions:
|
|
- all
|
|
|
|
matchers:
|
|
- type: dsl
|
|
dsl:
|
|
- "sha256(raw) == '0e1bf347c37fb199886f1e675e372ba55ac4627e8be2f05a76c2c64f9b6ed0e4'"
|
|
- "sha256(raw) == '7206075cd8f1004e8f1f759d46e98bfad4098b8642412811a214c0155a1f08b9'"
|
|
- "sha256(raw) == 'fe3ffd7438c0d38484bf02a78a19ea81a6f51b4b3f2b2228bd21974c2538bbcd'"
|
|
- "sha256(raw) == 'c49111af049dd9746c6b1980db6e150b2a79ca1569b23ed2cba81c85c00d82b4'"
|
|
- "sha256(raw) == 'b62a643c96e2e41f639d2a8ce11d61e6b9d7fb3a9baf011120b7fec1b4ee3cf4'"
|
|
- "sha256(raw) == 'edb12790b5cd959bc2e53a4b369a4fd747153e6c9d50f6a69ff047f7857a4348'"
|
|
- "sha256(raw) == '8f2ea0f916fda1dfb771f5441e919c561da5b6334b9f2fffcbf53db14063b24a'"
|
|
- "sha256(raw) == '8dddc744bbfcf215346c812aa569e49523996f73a1f22fe4e688084ce1225b98'"
|
|
- "sha256(raw) == '0c69258adcc97632b729e55664c22cd942812336d41e8ea0cff9ddcafaded20f'"
|
|
- "sha256(raw) == '2b4fba1ef06f85d1395945db40a9f2c3b3ed81b56fb9c2d5e5bb693c230215e2'"
|
|
condition: or
|
|
# digest: 4a0a0047304502210086ecdb8f661bab66df15ef8a7edfb6a03fbf2dad5e2f34836a97b66e8020d31502207c290a06d913fb19ebe5e04b9d99f1a45c0b2ab648e732a125452f91daa7eb7d:922c64590222798bb761d5b6d8e72950 |