KC7-Foundation / kc7

A cybersecurity game in Azure Data Explorer
https://kc7cyber.com
Apache License 2.0

Added ability to define custom malware hashes #111

Closed kkneomis closed 1 year ago

kkneomis commented 1 year ago

Changed the way malware configs are defined to allow for custom hashes to be injected

Went from

name: goldenrabbit
filenames:
  - a.exe
  - svchost.exe
  - msdtc.exe
paths:
  - C:\ProgramData\PST\
  - C:\
recon_processes:

To:

name: goldenrabbit
files:
  - filename: a.exe
    hashes:
      - 42530f9f92f2440d66b96e610d07b5256566fe47af2fd6e01cd9e1cd9b85c01e
  - filename: svchost.exe
    hashes:
      - 9bd6a46182f145240e766380d2df56f299ef36dc05ed1f4637b75514c4fd051e
      - 0c3eff5d888cfd0c4c7f1cbc43fad5ca529e70c1a7edc6fcafadca9ebf1e3f88
      - b54a65ca16116b92c6fe5eb6c046b5e7e91aab377703ad51c7def93f725a8c42
  - filename: msdtc.exe
paths:
  - C:\ProgramData\PST\
  - C:\
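The schema change described above, as an added example that is not part of the PR or of kc7's own code: a hypothetical `normalize_malware_config` helper that accepts a parsed config in either shape, upgrades the old `filenames:` list to the new `files:` list, and rejects custom hashes that are not SHA-256 hex digests. It assumes the hashes are SHA-256 (the ones shown are 64 hex characters) and that an entry without `hashes`, like `msdtc.exe`, simply carries an empty list.

```python
import re

SHA256_RE = re.compile(r"[0-9a-f]{64}")

# Constructed sample in the old shape, as a YAML loader would return it.
OLD_STYLE = {
    "name": "goldenrabbit",
    "filenames": ["a.exe", "svchost.exe", "msdtc.exe"],
    "paths": ["C:\\ProgramData\\PST\\", "C:\\"],
}


def normalize_malware_config(cfg: dict) -> dict:
    """Return cfg in the `files:` shape with validated hashes (hypothetical helper)."""
    if "files" in cfg and "filenames" in cfg:
        raise ValueError("config mixes old 'filenames' and new 'files' keys")
    if "filenames" in cfg:
        # Old shape: bare names, so no custom hashes exist yet.
        raw_files = [{"filename": n} for n in cfg["filenames"] or []]
    else:
        raw_files = cfg.get("files") or []

    files = []
    for entry in raw_files:
        name = entry.get("filename") if isinstance(entry, dict) else None
        if not isinstance(name, str) or not name:
            raise ValueError(f"file entry without a filename: {entry!r}")
        hashes = []
        for h in entry.get("hashes") or []:
            # str() covers an unquoted all-digit value a YAML loader read as int
            h = str(h).strip().lower()
            if not SHA256_RE.fullmatch(h):
                raise ValueError(f"{name}: not a SHA-256 hex digest: {h!r}")
            if h not in hashes:  # drop duplicates, keep order
                hashes.append(h)
        files.append({"filename": name, "hashes": hashes})

    out = {k: v for k, v in cfg.items() if k not in ("filenames", "files")}
    out["files"] = files
    return out


if __name__ == "__main__":
    print(normalize_malware_config(OLD_STYLE))
```

Failing at load time on a malformed hash keeps a typo in a config from silently becoming an indicator that no generated event can match.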