mirror of
https://github.com/projectdiscovery/nuclei-templates.git
synced 2026-01-31 15:53:33 +08:00
27 lines
1.2 KiB
YAML
27 lines
1.2 KiB
YAML
id: unit78020-malware-hash
|
|
info:
|
|
name: Unit 78020 Malware Hash - Detect
|
|
author: pussycat0x
|
|
severity: info
|
|
description: |
|
|
Detects malware by Chinese APT PLA Unit 78020 - Generic Rule
|
|
reference:
|
|
- http://threatconnect.com/camerashy/?utm_campaign=CameraShy
|
|
- https://github.com/Yara-Rules/rules/blob/master/malware/APT_Unit78020.yar
|
|
tags: malware,unit78020
|
|
|
|
file:
|
|
- extensions:
|
|
- all
|
|
|
|
matchers:
|
|
- type: dsl
|
|
dsl:
|
|
- "sha256(raw) == '2b15e614fb54bca7031f64ab6caa1f77b4c07dac186826a6cd2e254090675d72'"
|
|
- "sha256(raw) == '76c586e89c30a97e583c40ebe3f4ba75d5e02e52959184c4ce0a46b3aac54edd'"
|
|
- "sha256(raw) == '2625a0d91d3cdbbc7c4a450c91e028e3609ff96c4f2a5a310ae20f73e1bc32ac'"
|
|
- "sha256(raw) == '5c62b1d16e6180f22a0cb59c99a7743f44cb4a41e4e090b9733d1fb687c8efa2'"
|
|
- "sha256(raw) == '7b73bf2d80a03eb477242967628da79924fbe06cc67c4dcdd2bdefccd6e0e1af'"
|
|
- "sha256(raw) == '88c5be84afe20c91e4024160303bafb044f98aa5fbf8c9f9997758a014238790'"
|
|
condition: or
|
|
# digest: 4a0a00473045022100bef6b87200a54e33380190cd196cc6baf928a5ed8487c2cfdab59fd6882bf49e0220066ddbff83aae5a26f7f7775d0289cf8824cda9a0fc33127d00e3c45c2808ff7:922c64590222798bb761d5b6d8e72950 |