mirror of
https://github.com/projectdiscovery/nuclei-templates.git
synced 2026-02-04 09:43:40 +08:00
18 lines
781 B
YAML
18 lines
781 B
YAML
id: doublepulsar-malware
|
|
|
|
info:
|
|
name: DoublePulsar Malware - Detect
|
|
author: daffainfo
|
|
severity: info
|
|
reference: https://github.com/Yara-Rules/rules/blob/master/malware/RANSOM_DoublePulsar_Petya.yar
|
|
tags: malware,file
|
|
file:
|
|
- extensions:
|
|
- all
|
|
matchers:
|
|
- type: binary
|
|
binary:
|
|
- "FD0C8C5CB8C424C5CCCCCC0EE8CC246BCCCCCC0F24CDCCCCCC275C9775BACDCCCCC3FE"
|
|
- "45208D938D928D918D90929391970F9F9E9D99844529844D20CCCDCCCC9B844503844514844549CC3333332477CCCCCC844549C43333332484CDCCCC844549DC333333844749CC333333844741"
|
|
condition: or
|
|
# digest: 4a0a00473045022100f585dc915fb9975289dc10d23be8da983d03554c0ca4fe6c63201ffa1a2cada202205578f3bd0e4f5b37a176cdf7af6cd634dcc1715ed42f567a24c3f1f46c7c1ba0:922c64590222798bb761d5b6d8e72950 |