mirror of
https://github.com/projectdiscovery/nuclei-templates.git
synced 2026-02-05 10:13:23 +08:00
27 lines
1.2 KiB
YAML
27 lines
1.2 KiB
YAML
id: codoso-malware-hash
|
|
info:
|
|
name: Codoso APT Malware Hash - Detect
|
|
author: pussycat0x
|
|
severity: info
|
|
description: |
|
|
Detects Codoso APT Malware.
|
|
reference:
|
|
- https://www.proofpoint.com/us/exploring-bergard-old-malware-new-tricks
|
|
- https://github.com/Yara-Rules/rules/blob/master/malware/APT_Codoso.yar
|
|
tags: malware,apt,codoso
|
|
|
|
file:
|
|
- extensions:
|
|
- all
|
|
|
|
matchers:
|
|
- type: dsl
|
|
dsl:
|
|
- "sha256(raw) == 'ea67d76e9d2e9ce3a8e5f80ff9be8f17b2cd5b1212153fdf36833497d9c060c0'"
|
|
- "sha256(raw) == '130abb54112dd47284fdb169ff276f61f2b69d80ac0a9eac52200506f147b5f8'"
|
|
- "sha256(raw) == '3ea6b2b51050fe7c07e2cf9fa232de6a602aa5eff66a2e997b25785f7cf50daa'"
|
|
- "sha256(raw) == '02cf5c244aebaca6195f45029c1e37b22495609be7bdfcfcd79b0c91eac44a13'"
|
|
- "sha256(raw) == 'd66106ec2e743dae1d71b60a602ca713b93077f56a47045f4fc9143aa3957090'"
|
|
- "sha256(raw) == '3577845d71ae995762d4a8f43b21ada49d809f95c127b770aff00ae0b64264a3'"
|
|
condition: or
|
|
# digest: 490a004630440220154dff01f167d60c5f7be5adedea39327c170b262c03d3f911a280764b9fdde302207e882d47589e5fb09ef34769da6e52487428bf54b9089fcb4a975c8985c8a72e:922c64590222798bb761d5b6d8e72950 |