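// Generated by halogen; the invocation that produced this rule was captured
// as the first line of the file:
//   $ python3 halogen.py -d ~/5901/halogen/
// A bare shell-prompt line is not valid YARA syntax outside a rule body and
// is rejected by the YARA compiler, so it is kept here only as a comment.
rule halo_generated: maldoc images
{
    meta:
        tlp = "amber"
        author = "Halogen Generated Rule"
        date = "2021-01-24"
        // Generator artefact: the source-sample hashes are stored as one
        // stringified Python list, not one meta value per hash.
        md5 = "['12453bda42e40501077b1d202a338648', '138e3164dd69df539809a0bc5cd37d36', '678aff9ae66a0fb94043261eeeecaec5', '5e870ca9e50adec114a98eab76f5b49c', 'b1d4a944e6a71d17037664135b3498eb']"
        // Placeholder values left by the generator; "malware family" and
        // the empty intel list are not real attribution and should be
        // filled in (or dropped) before the rule is shared or deployed.
        family = "malware family"
        scope = "['detection', 'collection']"
        intel = "['']"
    strings:
        // Each pattern is the leading bytes of one image carved from the
        // sample set: JPEG SOI + JFIF APP0 header for $jpg_*, the PNG
        // signature + IHDR chunk (including width/height) for $png_*.
        // Because the prefixes run past the generic format header into
        // sample-specific chunk data, they identify those exact embedded
        // images rather than image-bearing documents in general; a resized
        // or re-encoded image will not match.
        $jpg_img_value_0 = {ffd8ffe000104a46494600010101006000600000ffe1004b45786966000049492a0008000000010098820200270000001a0000004100000047786e6764386761357533395a746a73343462616a346a743243376b7837}
        $png_img_value_1 = {89504e470d0a1a0a0000000d494844520000033100000230080200000039df72c6000000017352474200aece1ce90000000467414d410000b18f0bfc6105000000097048597300000ec300000ec301c76fa864000058}
        $png_img_value_2 = {89504e470d0a1a0a0000000d49484452000003f90000044408060000002eb6d1290001000049444154789cecfd698c26499adf89fdcddffb8afbc8c8fbacfbaeeaee6a9143ce0ae4f4ae280dc9e10ca195b01c8a8016}
        $png_img_value_3 = {89504e470d0a1a0a0000000d49484452000005bc0000069c08020000005800cfb20001000049444154789cecfd69905de9991ff8bd67b9fbbe2fb9ef4820b1d48a228a2c924db2a9aa56abbb25b97ba615e376686cd2}
        $png_img_value_4 = {89504e470d0a1a0a0000000d49484452000004ce0000018608020000000cd85aa4000001266943435041646f62652052474220283139393829000028cf636060327074717265126060c8cd2b290a72775288888c5260}
    condition:
        // A single matching image prefix anywhere in the scanned object is
        // enough to fire; the rule does not require the surrounding file to
        // be a document.
        any of them
}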