Nasreddine Bencherchali
1147 lines
81 KiB
YAML
1147 lines
81 KiB
YAML
title: Vulnerable Driver Load
|
|
id: 7aaaf4b8-e47c-4295-92ee-6ed40a6f60c8
|
|
status: experimental
|
|
description: Detects the load of known vulnerable drivers by hash value
|
|
references:
|
|
- https://github.com/eclypsium/Screwed-Drivers/blob/master/DRIVERS.md
|
|
- https://docs.microsoft.com/en-us/windows/security/threat-protection/windows-defender-application-control/microsoft-recommended-driver-block-rules
|
|
- https://www.rapid7.com/blog/post/2021/12/13/driver-based-attacks-past-and-present/
|
|
- https://github.com/jbaines-r7/dellicious
|
|
- https://github.com/MicrosoftDocs/windows-itpro-docs/blob/public/windows/security/threat-protection/windows-defender-application-control/microsoft-recommended-driver-block-rules.md
|
|
- https://github.com/namazso/physmem_drivers
|
|
- https://github.com/stong/CVE-2020-15368
|
|
- https://github.com/CaledoniaProject/drivers-binaries
|
|
- https://www.unknowncheats.me/forum/anti-cheat-bypass/334557-vulnerable-driver-megathread.html
|
|
- https://github.com/tandasat/ExploitCapcom
|
|
- https://github.com/Chigusa0w0/AsusDriversPrivEscala/blob/master/ATSZIO.md
|
|
- https://github.com/Chigusa0w0/AsusDriversPrivEscala/blob/master/DRIVER7.md
|
|
- https://www.unknowncheats.me/forum/downloads.php?do=file&id=21780
|
|
- https://www.rapid7.com/db/modules/exploit/windows/local/razer_zwopenprocess/
|
|
- https://www.unknowncheats.me/forum/downloads.php?do=file&id=25444
|
|
- https://www.zscaler.com/blogs/security-research/technical-analysis-windows-clfs-zero-day-vulnerability-cve-2022-37969-part
|
|
author: Nasreddine Bencherchali (Nextron Systems)
|
|
date: 2022/08/18
|
|
modified: 2023/01/11
|
|
tags:
|
|
- attack.privilege_escalation
|
|
- attack.t1543.003
|
|
- attack.t1068
|
|
logsource:
|
|
product: windows
|
|
category: driver_load
|
|
detection:
|
|
selection_sysmon:
|
|
Hashes|contains:
|
|
# List below is from https://github.com/namazso/physmem_drivers and the SHA1 are from VT
|
|
- 'SHA1=2261198385d62d2117f50f631652eded0ecc71db'
|
|
- 'SHA1=8db869c0674221a2d3280143cbb0807fac08e0cc'
|
|
- 'SHA1=27d3ebea7655a72e6e8b95053753a25db944ec0f'
|
|
- 'SHA1=33cdab3bbc8b3adce4067a1b042778607dce2acd'
|
|
- 'SHA1=21e6c104fe9731c874fab5c9560c929b2857b918'
|
|
- 'SHA1=d979353d04bf65cc92ad3412605bc81edbb75ec2'
|
|
- 'SHA1=2f991435a6f58e25c103a657d24ed892b99690b8'
|
|
- 'SHA1=f02af84393e9627ba808d4159841854a6601cf80'
|
|
- 'SHA1=bb962c9a8dda93e94fef504c4159de881e4706fe'
|
|
- 'SHA1=b97a8d506be2e7eaa4385f70c009b22adbd071ba'
|
|
- 'SHA1=92f251358b3fe86fd5e7aa9b17330afa0d64a705'
|
|
- 'SHA1=8b6aa5b2bff44766ef7afbe095966a71bc4183fa'
|
|
- 'SHA1=af6e1f2cfb230907476e8b2d676129b6d6657124'
|
|
- 'SHA1=fcde5275ee1913509927ce5f0f85e6681064c9d2'
|
|
- 'SHA1=00a442a4305c62cefa8105c0b4c4a9a5f4d1e93b'
|
|
- 'SHA1=6523b3fd87de39eb5db1332e4523ce99556077dc'
|
|
- 'SHA1=72966ca845759d239d09da0de7eebe3abe86fee3'
|
|
- 'SHA1=57511ef5ff8162a9d793071b5bf7ebe8371759de'
|
|
- 'SHA1=2d503a2457a787014a1fdd48a2ece2e6cbe98ea7'
|
|
- 'SHA1=400f833dcc2ef0a122dd0e0b1ec4ec929340d90e'
|
|
- 'SHA1=89cd760e8cb19d29ee08c430fb17a5fd4455c741'
|
|
- 'SHA1=1d0df45ee3fa758f0470e055915004e6eae54c95'
|
|
- 'SHA1=d5fd9fe10405c4f90235e583526164cd0902ed86'
|
|
- 'SHA1=c52cef5b9e1d4a78431b7af56a6fdb6aa1bcad65'
|
|
- 'SHA1=609fa1efcf61e26d64a5ceb13b044175ab2b3a13'
|
|
- 'SHA1=7d7c03e22049a725ace2a9812c72b53a66c2548b'
|
|
- 'SHA1=f9519d033d75e1ab6b82b2e156eafe9607edbcfb'
|
|
- 'SHA1=468e2e5505a3d924b14fedee4ddf240d09393776'
|
|
- 'SHA1=2e3de9bff43d7712707ef8a0b10f7e4ad8427fd8'
|
|
- 'SHA1=c9cbfdd0be7b35751a017ec59ff7237ffdc4df1f'
|
|
- 'SHA1=078ae07dec258db4376d5a2a05b9b508d68c0123'
|
|
- 'SHA1=623cd2abef6c92255f79cbbd3309cb59176771da'
|
|
- 'SHA1=1f3a9265963b660392c4053329eb9436deeed339'
|
|
- 'SHA1=4a235f0b84ff615e2879fa9e0ec0d745fcfdaa5c'
|
|
- 'SHA1=ace6b9e34e3e2e73fe584f3bbdb4e4ec106e0a7d'
|
|
- 'SHA1=4268f30b79ce125a81d0d588bef0d4e2ad409bbb'
|
|
- 'SHA1=c834c4931b074665d56ccab437dfcc326649d612'
|
|
- 'SHA1=8f5cd4a56e6e15935491aa40adb1ecad61eafe7c'
|
|
- 'SHA1=51b60eaa228458dee605430aae1bc26f3fc62325'
|
|
- 'SHA1=3270720a066492b046d7180ca6e60602c764cac7'
|
|
- 'SHA1=2a6e6bd51c7062ad24c02a4d2c1b5e948908d131'
|
|
- 'SHA1=19bd488fe54b011f387e8c5d202a70019a204adf'
|
|
- 'SHA1=a6fe4f30ca7cb94d74bc6d42cdd09a136056952e'
|
|
- 'SHA1=ea877092d57373cb466b44e7dbcad4ce9a547344'
|
|
- 'SHA1=205c69f078a563f54f4c0da2d02a25e284370251'
|
|
- 'SHA1=f9feb60b23ca69072ce42264cd821fe588a186a6'
|
|
- 'SHA1=b25170e09c9fb7c0599bfba3cf617187f6a733ac'
|
|
- 'SHA1=160c96b5e5db8c96b821895582b501e3c2d5d6e7'
|
|
- 'SHA1=a2e0b3162cfa336cd4ab40a2acc95abe7dc53843'
|
|
- 'SHA1=4e826430a1389032f3fe06e2cc292f643fb0c417'
|
|
- 'SHA1=7ab4565ba24268f0adadb03a5506d4eb1dc7c181'
|
|
- 'SHA1=dc7b022f8bd149efbcb2204a48dce75c72633526'
|
|
- 'SHA1=0307d76750dd98d707c699aee3b626643afb6936'
|
|
- 'SHA1=5711c88e9e64e45b8fc4b90ab6f2dd6437dc5a8a'
|
|
- 'SHA1=6714380bc0b8ab09b9a0d2fa66d1b025b646b946'
|
|
- 'SHA1=8626ab1da6bfbdf61bd327eb944b39fd9df33d1d'
|
|
- 'SHA1=30a224b22592d952fbe2e6ad97eda4a8f2c734e0'
|
|
- 'SHA1=c95db1e82619fb16f8eec9a8209b7b0e853a4ebe'
|
|
- 'SHA1=fe1d909ab38de1389a2a48352fd1c8415fd2eab0'
|
|
- 'SHA1=b4d1554ec19504215d27de0758e13c35ddd6db3e'
|
|
- 'SHA1=5dd2c31c4357a8b76db095364952b3d0e3935e1d'
|
|
- 'SHA1=ecb4d096a9c58643b02f328d2c7742a38e017cf0'
|
|
- 'SHA1=4a705af959af61bad48ef7579f839cb5ebd654d2'
|
|
- 'SHA1=d2e6fc9259420f0c9b6b1769be3b1f63eb36dc57'
|
|
- 'SHA1=c948ae14761095e4d76b55d9de86412258be7afd'
|
|
- 'SHA1=ddbe809b731a0962e404a045ab9e65a0b64917ad'
|
|
- 'SHA1=745bad097052134548fe159f158c04be5616afc2'
|
|
- 'SHA1=8d59fd14a445c8f3f0f7991fa6cd717d466b3754'
|
|
- 'SHA1=2dfcb799b3c42ecb0472e27c19b24ac7532775ce'
|
|
- 'SHA1=cc51be79ae56bc97211f6b73cc905c3492da8f9d'
|
|
- 'SHA1=ac13941f436139b909d105ad55637e1308f49d9a'
|
|
- 'SHA1=2b0bb408ff0e66bcdf6574f1ca52cbf4015b257b'
|
|
- 'SHA1=cc0e0440adc058615e31e8a52372abadf658e6b1'
|
|
- 'SHA1=5520ac25d81550a255dc16a0bb89d4b275f6f809'
|
|
- 'SHA1=6afc6b04cf73dd461e4a4956365f25c1f1162387'
|
|
- 'SHA1=4b009e91bae8d27b160dc195f10c095f8a2441e1'
|
|
- 'SHA1=6003184788cd3d2fc624ca801df291ccc4e225ee'
|
|
- 'SHA1=0466e90bf0e83b776ca8716e01d35a8a2e5f96d3'
|
|
- 'SHA1=e6305dddd06490d7f87e3b06d09e9d4c1c643af0'
|
|
- 'SHA1=89909fa481ff67d7449ee90d24c167b17b0612f1'
|
|
- 'SHA1=d7e8aef8c8feb87ce722c0b9abf34a7e6bab6eb4'
|
|
- 'SHA1=5e6ddd2b39a3de0016385cbd7aa50e49451e376d'
|
|
- 'SHA1=976777d39d73034df6b113dfce1aa6e1d00ffcfd'
|
|
- 'SHA1=9c6749fc6c1127f8788bff70e0ce9062959637c9'
|
|
- 'SHA1=53acd4d9e7ba0b1056cf52af0d191f226eddf312'
|
|
- 'SHA1=3abb9d0a9d600200ae19c706e570465ef0a15643'
|
|
- 'SHA1=27eab595ec403580236e04101172247c4f5d5426'
|
|
- 'SHA1=78b9481607ca6f3a80b4515c432ddfe6550b18a8'
|
|
- 'SHA1=414cd15d6c991d19fb5be02e3b9fb0e6c5ce731c'
|
|
- 'SHA1=d9c09dd725bc7bc3c19b4db37866015817a516ef'
|
|
- 'SHA1=9c256edd10823ca76c0443a330e523027b70522d'
|
|
- 'SHA1=35829e096a15e559fcbabf3441d99e580ca3b26e'
|
|
- 'SHA1=b8de3a1aeeda9deea43e3f768071125851c85bd0'
|
|
- 'SHA1=054a50293c7b4eea064c91ef59cf120d8100f237'
|
|
- 'SHA1=d94f2fb3198e14bfe69b44fb9f00f2551f7248b2'
|
|
- 'SHA1=01a578a3a39697c4de8e3dab04dba55a4c35163e'
|
|
- 'SHA1=14bf0eaa90e012169745b3e30c281a327751e316'
|
|
- 'SHA1=f50c6b84dfb8f2d53ba3bce000a55f0a486c0e79'
|
|
- 'SHA1=6100eb82a25d64a7a7702e94c2b21333bc15bd08'
|
|
- 'SHA1=bf87e32a651bdfd9b9244a8cf24fca0e459eb614'
|
|
- 'SHA1=28b1c0b91eb6afd2d26b239c9f93beb053867a1a'
|
|
- 'SHA1=879fcc6795cebe67718388228e715c470de87dca'
|
|
- 'SHA1=1f7501e01d84a2297c85cb39880ec4e40ac3fe8a'
|
|
- 'SHA1=152b6bb9ffd2ffec00cc46f5c6e29362d0e66e67'
|
|
- 'SHA1=5f8356ffa8201f338dd2ea979eb47881a6db9f03'
|
|
- 'SHA1=a7bd05de737f8ea57857f1e0845a25677df01872'
|
|
- 'SHA1=cce9b82f01ec68f450f5fe4312f40d929c6a506e'
|
|
- 'SHA1=e35a2b009d54e1a0b231d8a276251f64231b66a3'
|
|
- 'SHA1=37364cb5f5cefd68e5eca56f95c0ab4aff43afcc'
|
|
- 'SHA1=d62fa51e520022483bdc5847141658de689c0c29'
|
|
- 'SHA1=93aa3bb934b74160446df3a47fa085fd7f3a6be9'
|
|
- 'SHA1=ec4cc6de4c779bb1ca1dd32ee3a03f7e8d633a9b'
|
|
- 'SHA1=35f1ba60ba0da8512a0b1b15ee8e30fe240d77cd'
|
|
- 'SHA1=3805e4e08ad342d224973ecdade8b00c40ed31be'
|
|
- 'SHA1=65d8a7c2e867b22d1c14592b020c548dd0665646'
|
|
- 'SHA1=c8d87f3cd34c572870e63a696cf771580e6ea81b'
|
|
- 'SHA1=c4d7fb9db3c3459f7e8c0e3d48c95c7c9c4cff60'
|
|
- 'SHA1=d34a7c497c603f3f7fcad546dc4097c2da17c430'
|
|
- 'SHA1=1fd7f881ea4a1dbb5c9aeb9e7ad659a85421745b'
|
|
- 'SHA1=0b8b83f245d94107cb802a285e6529161d9a834d'
|
|
- 'SHA1=c969f1f73922fd95db1992a5b552fbc488366a40'
|
|
- 'SHA1=ac600a2bc06b312d92e649b7b55e3e91e9d63451'
|
|
- 'SHA1=da9cea92f996f938f699902482ac5313d5e8b28e'
|
|
- 'SHA1=33285b2e97a0aeb317166cce91f6733cf9c1ad53'
|
|
- 'SHA1=21edff2937eb5cd6f6b0acb7ee5247681f624260'
|
|
- 'SHA1=f052dc35b74a1a6246842fbb35eb481577537826'
|
|
- 'SHA1=f0c463d29a5914b01e4607889094f1b7d95e7aaf'
|
|
- 'SHA1=0c26ab1299adcd9a385b541ef1653728270aa23e'
|
|
- 'SHA1=f36a47edfacd85e0c6d4d22133dd386aee4eec15'
|
|
- 'SHA1=460008b1ffd31792a6deadfa6280fb2a30c8a5d2'
|
|
- 'SHA1=738b7918d85e5cb4395df9e3f6fc94ddad90e939'
|
|
- 'SHA1=43419df1f9a07430a18c5f3b3cc74de621be0f8e'
|
|
- 'SHA1=558aad879b6a47d94a968f39d0a4e3a3aaef1ef1'
|
|
- 'SHA1=7fb52290883a6b69a96d480f2867643396727e83'
|
|
# The list below is from https://github.com/jbaines-r7/dellicious and https://www.rapid7.com/blog/post/2021/12/13/driver-based-attacks-past-and-present/
|
|
- 'SHA1=f5696fb352a3fbd14fb1a89ad21a71776027f9ab'
|
|
- 'SHA1=693a2645c28fc3b248fda95179c36c3ac64f6fc2'
|
|
- 'SHA1=05c0c49e8bcf11b883d41441ce87a2ee7a3aba1d'
|
|
- 'SHA1=d25340ae8e92a6d29f599fef426a2bc1b5217299'
|
|
- 'SHA1=7c1b25518dee1e30b5a6eaa1ea8e4a3780c24d0c'
|
|
- 'SHA1=fe10018af723986db50701c8532df5ed98b17c39'
|
|
- 'SHA1=bfe55cacc7c56c9f7bd75bdb4b352c0b745d071b'
|
|
- 'SHA1=a21c84c6bf2e21d69fa06daaf19b4cc34b589347'
|
|
- 'SHA1=82ba5513c33e056c3f54152c8555abf555f3e745'
|
|
- 'SHA1=d098600152e5ee6a8238d414d2a77a34da8afaaa'
|
|
- 'SHA1=64e4ac8b9ea2f050933b7ec76a55dd04e97773b4'
|
|
- 'SHA1=bbc1e5fd826961d93b76abd161314cb3592c4436'
|
|
- 'SHA1=90a76945fd2fa45fab2b7bcfdaf6563595f94891'
|
|
- 'SHA1=b03b1996a40bfea72e4584b82f6b845c503a9748'
|
|
- 'SHA1=c771ea59f075170e952c393cfd6fc784b265027c'
|
|
- 'SHA1=cb44c6f0ee51cb4c5836499bc61dd6c1fbdf8aa1'
|
|
- 'SHA1=0918277fcdc64a9dc51c04324377b3468fa1269b'
|
|
- 'SHA1=b09bcc042d60d2f4c0d08284818ed198cededa04'
|
|
# The list below is from https://gist.github.com/k4nfr3/af970e7facb09195e56f2112e1c9549c
|
|
- 'SHA1=8dc2097a90eb7e9d6ee31a7c7a95e7a0b2093b89'
|
|
- 'SHA1=15df139494d2c40a645fb010908551185c27f3c5'
|
|
- 'SHA1=012db3a80faf1f7f727b538cbe5d94064e7159de'
|
|
- 'SHA1=d04e5db5b6c848a29732bfd52029001f23c3da75'
|
|
- 'SHA1=490109fa6739f114651f4199196c5121d1c6bdf2'
|
|
- 'SHA1=b4d014b5edd6e19ce0e8395a64faedf49688ecb5'
|
|
- 'SHA1=a87d6eac2d70a3fbc04e59412326b28001c179de'
|
|
- 'SHA1=3f223581409492172a1e875f130f3485b90fbe5f'
|
|
- 'SHA1=5db61d00a001fd493591dc919f69b14713889fc5'
|
|
# https://github.com/eclypsium/Screwed-Drivers/blob/master/DRIVERS.md
|
|
- 'SHA1=9923c8f1e565a05b3c738d283cf5c0ed61a0b90f'
|
|
- 'SHA1=15d1a6a904c8409fb47a82aefa42f8c3c7d8c370'
|
|
- 'SHA1=9d07df024ec457168bf0be7e0009619f6ac4f13c'
|
|
- 'SHA1=9a35ae9a1f95ce4be64adc604c80079173e4a676'
|
|
- 'SHA1=c6bd965300f07012d1b651a9b8776028c45b149a'
|
|
- 'SHA1=e83458c4a6383223759cd8024e60c17be4e7c85f'
|
|
- 'SHA1=cb3de54667548a5c9abf5d8fa47db4097fcee9f1'
|
|
- 'SHA1=9c24dd75e4074041dbe03bf21f050c77d748b8e9'
|
|
- 'SHA1=dc55217b6043d819eadebd423ff07704ee103231'
|
|
- 'SHA1=e92817a8744ebc4e4fa5383cdce2b2977f01ecd4'
|
|
- 'SHA1=dc0e97adb756c0f30b41840a59b85218cbdd198f'
|
|
- 'SHA1=26c4a7b392d7e7bd7f0a2a758534e45c0d9a56ab'
|
|
- 'SHA1=d0d39e1061f30946141b6ecfa0957f8cc3ddeb63'
|
|
- 'SHA1=c6d349823bbb1f5b44bae91357895dba653c5861'
|
|
- 'SHA1=f42f28d164205d9f6dab9317c9fecad54c38d5d2'
|
|
- 'SHA1=bbc0b9fd67c8f4cefa3d76fcb29ff3cef996b825'
|
|
- 'SHA1=8183a341ba6c3ce1948bf9be49ab5320e0ee324d'
|
|
- 'SHA1=eb1ecad3d37bb980f908bf1a912415cff32e79e6'
|
|
- 'SHA1=eb0d45aa6f537f5b2f90f3ad99013606eafcd162'
|
|
- 'SHA1=6053d258096bccb07cb0057d700fe05233ab1fbb'
|
|
- 'SHA1=29a190727140f40cea9514a6420f5a195e36386b'
|
|
- 'SHA1=a4b2c56c12799855162ca3b004b4b2078c6ecf77'
|
|
- 'SHA1=7667b72471689151e176baeba4e1cd9cd006a09a'
|
|
- 'SHA1=d7f7594ff084201c0d9fa2f4ef1626635b67bce5'
|
|
- 'SHA1=99201c9555e5faf6e8d82da793b148311f8aa4b8'
|
|
- 'SHA1=947db58d6f36a8df9fa2a1057f3a7f653ccbc42e'
|
|
- 'SHA1=6a3d3b9ab3d201cd6b0316a7f9c3fb4d34d0f403'
|
|
- 'SHA1=d702d88b12233be9413446c445f22fda4a92a1d9'
|
|
- 'SHA1=910cb12aa49e9f35ecc4907e8304adf0dcca8cf1'
|
|
- 'SHA1=643383938d5e0d4fd30d302af3e9293a4798e392'
|
|
- 'SHA1=c4ed28fdfba7b8a8dfe39e591006f25d39990f07'
|
|
# The list below is derived from the ELASTIC yara rules https://github.com/elastic/protections-artifacts/search?q=VulnDriver
|
|
# These are the hashes mentioned in the "reference_sample" section that ELASTIC used to create their rules
|
|
- 'SHA1=b0032b8d8e6f4bd19a31619ce38d8e010f29a816'
|
|
- 'SHA1=db6245578ec57bd767b27ecf8085095e1c8e5a6e'
|
|
- 'SHA1=166759fd511613414d3213942fe2575b926a6226'
|
|
- 'SHA1=02a8b74899591da7b7f49c0450328d39b939d7e4'
|
|
- 'SHA1=98ceed786f79288becc08c3b82c57e8d4bfa1bca'
|
|
- 'SHA1=f6b3577ea4b1a5641ae3421151a26268434c3db8'
|
|
- 'SHA1=4de33d03fee52f396a1c788000ca868d56ac30de'
|
|
- 'SHA1=c6920171fa6dff2c17eb83befb5fd28e8dddf5f0'
|
|
- 'SHA1=fbc6d2448739ddec35bb5d6c94b46df4148f648d'
|
|
- 'SHA1=6b54f8f137778c1391285fee6150dfa58a8120b1'
|
|
- 'SHA1=943593e880b4d340f2548548e6e673ef6f61eed3'
|
|
- 'SHA1=5ac4d0e2381fc4a8aebe94a0fb6fe5e7558e4dcd'
|
|
- 'SHA1=e44297a2b750ec1958bef265e2f1ae6fa4323b28'
|
|
- 'SHA1=aa2ea973bb248b18973e57339307cfb8d309f687'
|
|
- 'SHA1=3a5d176c50f97b71d139767ed795d178623f491d'
|
|
- 'SHA1=25d812a5ece19ea375178ef9d60415841087726e'
|
|
- 'SHA1=3795e32592ab6d8074b6f7ad33759c6a39b0df07'
|
|
- 'SHA1=fc121ed6fb37e97a004b6faf217435b772dfc4c0'
|
|
- 'SHA1=ab2b8602e4baef828b58b995d0889a8e5b8dbd02'
|
|
- 'SHA1=cf040040628b58f4a811f98c2690913c1e8e4e3c'
|
|
- 'SHA1=3296844d22c87dd5eba3aa378a8242b41d59db7a'
|
|
- 'SHA1=bc47e15537fa7c32dfefd23168d7e1741f8477ed'
|
|
- 'SHA1=cb22723faa5ae2809476e5c5e9b9a597b26cab9b'
|
|
- 'SHA1=f3c5e723ae009b336cd2719137b8cd194c9ee51d'
|
|
- 'SHA1=41f2d0f9863bce8920c207b1ef5d3d32b603edef'
|
|
- 'SHA1=eb93d2f564fea9b3dc350f386b45de2cd9a3e001'
|
|
- 'SHA1=3cd037fbba8aae82c1b111c9f8755349c98bcb3c'
|
|
- 'SHA1=9401389fba314d1810f83edce33c37e84a78e112'
|
|
- 'SHA1=7eb34cc1fcffb4fdb5cb7e97184dd64a65cb9371'
|
|
- 'SHA1=16d7ecf09fc98798a6170e4cef2745e0bee3f5c7'
|
|
- 'SHA1=fcd615df88645d1f57ff5702bd6758b77efea6d0'
|
|
- 'SHA1=f3db629cfe37a73144d5258e64d9dd8b38084cf4'
|
|
- 'SHA1=a00e444120449e35641d58e62ed64bb9c9f518d2'
|
|
- 'SHA1=38571f14fc014487194d1eecfa80561ee8644e09'
|
|
- 'SHA1=4d41248078181c7f61e6e4906aa96bbdea320dc2'
|
|
- 'SHA1=3599ea2ac1fa78f423423a4cf90106ea0938dde8'
|
|
- 'SHA1=3d6d53b0f1cc908b898610227b9f1b9352137aba'
|
|
- 'SHA1=4c18754dca481f107f0923fb8ef5e149d128525d'
|
|
- 'SHA1=8c377ab4eebc5f4d8dd7bb3f90c0187dfdd3349f'
|
|
- 'SHA1=cde32654a041fedc7b0fa1083f6005b950760062'
|
|
- 'SHA1=5fb9421be8a8b08ec395d05e00fd45eb753b593a'
|
|
- 'SHA1=b480c54391a2a2f917a44f91a5e9e4590648b332'
|
|
- 'SHA1=4f7a8e26a97980544be634b26899afbefb0a833c'
|
|
# https://www.unknowncheats.me/forum/anti-cheat-bypass/334557-vulnerable-driver-megathread.html
|
|
- 'SHA1=c1d5cf8c43e7679b782630e93f5e6420ca1749a7'
|
|
- 'SHA1=a7e9a4686aa7291331e2c8708882c8d81d05264f'
|
|
- 'SHA1=7ba19a701c8af76988006d616a5f77484c13cb0a'
|
|
- 'SHA1=4243dbbf6e5719d723f24d0f862afd0fcb40bc35'
|
|
- 'SHA1=00b4e8b7644d1bf93f5ddb5740b444b445e81b02'
|
|
- 'SHA1=fd833f3fe2fa396878033b9e6054725248bf9881'
|
|
- 'SHA1=db446af0e34259e95f4db112a9f06177e1eef4e0'
|
|
- 'SHA1=39d7b121bc654a0de891225e0f8b7b5537c24931'
|
|
- 'SHA1=d0a228ed8af190dec0c1a812e212f5e68ee3b43e'
|
|
- 'SHA1=7d2fc1a6729521e5c76f659e4c398e2061f7ed5e'
|
|
- 'SHA1=f999709e5b00a68a0f4fa912619fe6548ad0c42d'
|
|
# Vuln driver version obtained from: https://www.zscaler.com/blogs/security-research/technical-analysis-windows-clfs-zero-day-vulnerability-cve-2022-37969-part
|
|
# Version hash obtained from: https://winbindex.m417z.com/?arch=&file=clfs.sys
|
|
- 'SHA1=06232f7ea7ea24102d452427aedbbc8b8e188a0c'
|
|
# Powertool Drivers obtained from VT by pivoting on the Imphash: f5030145594c486434040aa2636a5dde
|
|
- 'SHA1=a380aeb3ffaecc53ca48bb1d4d622c46f1de7962'
|
|
- 'SHA1=4927d843577bada119a17b249ff4e7f5e9983a92'
|
|
- 'SHA1=e5114fd50904c7fb75d8c86367b9a2dd4f79dfb1'
|
|
- 'SHA1=3ccf1f3ac636a5e21b39ede48ff49fa23e05413f'
|
|
- 'SHA1=755349d56cdd668ca22eebc4fc89f0cccef47327'
|
|
- 'SHA1=56af49e030eb85528e82849d7d1b6147f3c4973e'
|
|
# Vuln Intel Driver CVE-2015-2291
|
|
- 'SHA1=45a9f95a7a018925148152b888d09d478d56bbf5'
|
|
- 'SHA1=540b9f9a232b9d597138b8e0f33d83f5f6e247af'
|
|
- 'SHA1=bdfb25cc4ed569dc0d5849545eb4abe08539029f'
|
|
- 'SHA1=28da2ac7c82b999c53f99d55331cfa3624a0bc6f'
|
|
- 'SHA1=5d5f92fba0f39826b527f335a7cca7d363758410'
|
|
- 'SHA1=1858ab7ad1947f5c24b9c913cd975e6dbb536865'
|
|
- 'SHA1=0f2aa3bfdfd699e258382ea1b3c1db1ad7211023'
|
|
- 'SHA1=886a9c16b871da42cdb54c6738a8e088be8b989f'
|
|
- 'SHA1=c24883645c0589f6171e8ee10080750ac66d75e6'
|
|
- 'SHA1=36d3b09e19477d807a6a5efff89aa6cc8b71bdeb'
|
|
- 'SHA1=e58dd758e28218e1edb33cd88bb97504972ee221'
|
|
- 'SHA1=d782ef79266179d2247807857877fabb2e402be5'
|
|
# The list below is from https://github.com/namazso/physmem_drivers
|
|
- 'SHA256=05F052C64D192CF69A462A5EC16DDA0D43CA5D0245900C9FCB9201685A2E7748'
|
|
- 'SHA256=4045AE77859B1DBF13972451972EAAF6F3C97BEA423E9E78F1C2F14330CD47CA'
|
|
- 'SHA256=6948480954137987A0BE626C24CF594390960242CD75F094CD6AAA5C2E7A54FA'
|
|
- 'SHA256=8CB62C5D41148DE416014F80BD1FD033FD4D2BD504CB05B90EEB6992A382D58F'
|
|
- 'SHA256=B1D96233235A62DBB21B8DBE2D1AE333199669F67664B107BFF1AD49B41D9414'
|
|
- 'SHA256=7196187FB1EF8D108B380D37B2AF8EFDEB3CA1F6EEFD37B5DC114C609147216D'
|
|
- 'SHA256=7F375639A0DF7FE51E5518CF87C3F513C55BC117DB47D28DA8C615642EB18BFA'
|
|
- 'SHA256=42579A759F3F95F20A2C51D5AC2047A2662A2675B3FB9F46C1ED7F23393A0F00'
|
|
- 'SHA256=2DA330A2088409EFC351118445A824F11EDBE51CF3D653B298053785097FE40E'
|
|
- 'SHA256=436CCAB6F62FA2D29827916E054ADE7ACAE485B3DE1D3E5C6C62D3DEBF1480E7'
|
|
- 'SHA256=B4D47EA790920A4531E3DF5A4B4B0721B7FEA6B49A35679F0652F1E590422602'
|
|
- 'SHA256=DDE6F28B3F7F2ABBEE59D4864435108791631E9CB4CDFB1F178E5AA9859956D8'
|
|
- 'SHA256=B48A309EE0960DA3CAAAAF1E794E8C409993AEB3A2B64809F36B97AAC8A1E62A'
|
|
- 'SHA256=025E7BE9FCEFD6A83F4471BBA0C11F1C11BD5047047D26626DA24EE9A419CDC4'
|
|
- 'SHA256=2AA1B08F47FBB1E2BD2E4A492F5D616968E703E1359A921F62B38B8E4662F0C4'
|
|
- 'SHA256=ECE0A900EA089E730741499614C0917432246CEB5E11599EE3A1BB679E24FD2C'
|
|
- 'SHA256=F40435488389B4FB3B945CA21A8325A51E1B5F80F045AB019748D0EC66056A8B'
|
|
- 'SHA256=2A652DE6B680D5AD92376AD323021850DAB2C653ABF06EDF26120F7714B8E08A'
|
|
- 'SHA256=950A4C0C772021CEE26011A92194F0E58D61588F77F2873AA0599DFF52A160C9'
|
|
- 'SHA256=0AAFA9F47ACF69D46C9542985994FF5321F00842A28DF2396D4A3076776A83CB'
|
|
- 'SHA256=47F08F7D30D824A8F4BB8A98916401A37C0FD8502DB308ABA91FE3112B892DCC'
|
|
- 'SHA256=B9A4E40A5D80FEDD1037EAED958F9F9EFED41EB01ADA73D51B5DCD86E27E0CBF'
|
|
- 'SHA256=5C04C274A708C9A7D993E33BE3EA9E6119DC29527A767410DBAF93996F87369A'
|
|
- 'SHA256=0040153302B88BEE27EB4F1ECA6855039E1A057370F5E8C615724FA5215BADA3'
|
|
- 'SHA256=3326E2D32BBABD69FEB6024809AFC56C7E39241EBE70A53728C77E80995422A5'
|
|
- 'SHA256=36B9E31240AB0341873C7092B63E2E0F2CAB2962EBF9B25271C3A1216B7669EB'
|
|
- 'SHA256=29E0062A017A93B2F2F5207A608A96DF4D554C5DE976BD0276C2590A03BD3E94'
|
|
- 'SHA256=45ABDBCD4C0916B7D9FAAF1CD08543A3A5178871074628E0126A6EDA890D26E0'
|
|
- 'SHA256=50DB5480D0392A7DD6AB5DF98389DC24D1ED1E9C98C9C35964B19DABCD6DC67F'
|
|
- 'SHA256=607DC4C75AC7AEF82AE0616A453866B3B358C6CF5C8F9D29E4D37F844306B97C'
|
|
- 'SHA256=61D6E40601FA368800980801A662A5B3B36E3C23296E8AE1C85726A56EF18CC8'
|
|
- 'SHA256=74A846C61ADC53692D3040AFF4C1916F32987AD72B07FE226E9E7DBEFF1036C4'
|
|
- 'SHA256=76FB4DEAEE57EF30E56C382C92ABFFE2CF616D08DBECB3368C8EE6B02E59F303'
|
|
- 'SHA256=81939E5C12BD627FF268E9887D6FB57E95E6049F28921F3437898757E7F21469'
|
|
- 'SHA256=9790A7B9D624B2B18768BB655DDA4A05A9929633CEF0B1521E79E40D7DE0A05B'
|
|
- 'SHA256=9A1D66036B0868BBB1B2823209FEDEA61A301D5DD245F8E7D390BD31E52D663E'
|
|
- 'SHA256=AA9AB1195DC866270E984F1BED5E1358D6EF24C515DFDB6C2A92D1E1B94BF608'
|
|
- 'SHA256=AF095DE15A16255CA1B2C27DAD365DFF9AC32D2A75E8E288F5A1307680781685'
|
|
- 'SHA256=D5586DC1E61796A9AE5E5D1CED397874753056C3DF2EB963A8916287E1929A71'
|
|
- 'SHA256=D8459F7D707C635E2C04D6D6D47B63F73BA3F6629702C7A6E0DF0462F6478AE2'
|
|
- 'SHA256=E81230217988F3E7EC6F89A06D231EC66039BDBA340FD8EBB2BBB586506E3293'
|
|
- 'SHA256=F88EBB633406A086D9CCA6BC8B66A4EA940C5476529F9033A9E0463512A23A57'
|
|
- 'SHA256=1C8DFA14888BB58848B4792FB1D8A921976A9463BE8334CFF45CC96F1276049A'
|
|
- 'SHA256=22418016E980E0A4A2D01CA210A17059916A4208352C1018B0079CCB19AAF86A'
|
|
- 'SHA256=405472A8F9400A54BB29D03B436CCD58CFD6442FE686F6D2ED4F63F002854659'
|
|
- 'SHA256=49F75746EEBE14E5DB11706B3E58ACCC62D4034D2F1C05C681ECEF5D1AD933BA'
|
|
- 'SHA256=4A3D4DB86F580B1680D6454BAEE1C1A139E2DDE7D55E972BA7C92EC3F555DCE2'
|
|
- 'SHA256=4AB41816ABBF14D59E75B7FAD49E2CB1C1FEB27A3CB27402297A2A4793FF9DA7'
|
|
- 'SHA256=54841D9F89E195196E65AA881834804FE3678F1CF6B328CAB8703EDD15E3EC57'
|
|
- 'SHA256=5EE292B605CD3751A24E5949AAE615D472A3C72688632C3040DC311055B75A92'
|
|
- 'SHA256=76B86543CE05540048F954FED37BDDA66360C4A3DDB8328213D5AEF7A960C184'
|
|
- 'SHA256=7F190F6E5AB0EDAFD63391506C2360230AF4C2D56C45FC8996A168A1FC12D457'
|
|
- 'SHA256=845F1E228DE249FC1DDF8DC28C39D03E8AD328A6277B6502D3932E83B879A65A'
|
|
- 'SHA256=84BF1D0BCDF175CFE8AEA2973E0373015793D43907410AE97E2071B2C4B8E2D4'
|
|
- 'SHA256=8EF0AD86500094E8FA3D9E7D53163AA6FEEF67C09575C169873C494ED66F057F'
|
|
- 'SHA256=A56C2A2425EB3A4260CC7FC5C8D7BED7A3B4CD2AF256185F24471C668853AEE8'
|
|
- 'SHA256=AC3F613D457FC4D44FA27B2E0B1BAA62C09415705EFB5A40A4756DA39B3AC165'
|
|
- 'SHA256=B1334A71CC73B3D0C54F62D8011BEC330DFC355A239BF94A121F6E4C86A30A2E'
|
|
- 'SHA256=B47BE212352D407D0EF7458A7161C66B47C2AEC8391DD101DF11E65728337A6A'
|
|
- 'SHA256=B9B3878DDC5DFB237D38F8D25067267870AFD67D12A330397A8853209C4D889C'
|
|
- 'SHA256=DB90E554AD249C2BD888282ECF7D8DA4D1538DD364129A3327B54F8242DD5653'
|
|
- 'SHA256=E61A54F6D3869B43C4ECEAC3016DF73DF67CCE03878C5A6167166601C5D3F028'
|
|
- 'SHA256=3871E16758A1778907667F78589359734F7F62F9DC953EC558946DCDBE6951E3'
|
|
- 'SHA256=DED2927F9A4E64EEFD09D0CABA78E94F309E3A6292841AE81D5528CAB109F95D'
|
|
- 'SHA256=0296E2CE999E67C76352613A718E11516FE1B0EFC3FFDB8918FC999DD76A73A5'
|
|
- 'SHA256=80CBBA9F404DF3E642F22C476664D63D7C229D45D34F5CD0E19C65EB41BECEC3'
|
|
- 'SHA256=BB50818A07B0EB1BD317467139B7EB4BAD6CD89053FECDABFEAE111689825955'
|
|
- 'SHA256=FF6729518A380BF57F1BC6F1EC0AA7F3012E1618B8D9B0F31A61D299EE2B4339'
|
|
- 'SHA256=3A5EC83FE670E5E23AEF3AFA0A7241053F5B6BE5E6CA01766D6B5F9177183C25'
|
|
- 'SHA256=61A1BDDDD3C512E681818DEBB5BEE94DB701768FC25E674FCAD46592A3259BD0'
|
|
- 'SHA256=07B6D69BAFCFD767F1B63A490A8843C3BB1F8E1BBEA56176109B5743C8F7D357'
|
|
- 'SHA256=21CCDD306B5183C00ECFD0475B3152E7D94B921E858E59B68A03E925D1715F21'
|
|
- 'SHA256=2D83CCB1AD9839C9F5B3F10B1F856177DF1594C66CBBC7661677D4B462EBF44D'
|
|
- 'SHA256=F581DECC2888EF27EE1EA85EA23BBB5FB2FE6A554266FF5A1476ACD1D29D53AF'
|
|
- 'SHA256=F8965FDCE668692C3785AFA3559159F9A18287BC0D53ABB21902895A8ECF221B'
|
|
- 'SHA256=3D23BDBAF9905259D858DF5BF991EB23D2DC9F4ECDA7F9F77839691ACEF1B8C4'
|
|
- 'SHA256=DD4A1253D47DE14EF83F1BC8B40816A86CCF90D1E624C5ADF9203AE9D51D4097'
|
|
- 'SHA256=509628B6D16D2428031311D7BD2ADD8D5F5160E9ECC0CD909F1E82BBBB3234D6'
|
|
- 'SHA256=525D9B51A80CA0CD4C5889A96F857E73F3A80DA1FFBAE59851E0F51BDFB0B6CD'
|
|
- 'SHA256=6DE84CAA2CA18673E01B91AF58220C60AECD5CCCF269725EC3C7F226B2167492'
|
|
- 'SHA256=09BEDBF7A41E0F8DABE4F41D331DB58373CE15B2E9204540873A1884F38BDDE1'
|
|
- 'SHA256=101402D4F5D1AE413DED499C78A5FCBBC7E3BAE9B000D64C1DD64E3C48C37558'
|
|
- 'SHA256=131D5490CEB9A5B2324D8E927FEA5BECFC633015661DE2F4C2F2375A3A3B64C6'
|
|
- 'SHA256=1DDFE4756F5DB9FB319D6C6DA9C41C588A729D9E7817190B027B38E9C076D219'
|
|
- 'SHA256=1E8B0C1966E566A523D652E00F7727D8B0663F1DFDCE3B9A09B9ADFAEF48D8EE'
|
|
- 'SHA256=2BBE65CBEC3BB069E92233924F7EE1F95FFA16173FCEB932C34F68D862781250'
|
|
- 'SHA256=30706F110725199E338E9CC1C940D9A644D19A14F0EB8847712CBA4CACDA67AB'
|
|
- 'SHA256=3124B0411B8077605DB2A9B7909D8240E0D554496600E2706E531C93C931E1B5'
|
|
- 'SHA256=38FA0C663C8689048726666F1C5E019FEAA9DA8278F1DF6FF62DA33961891D2A'
|
|
- 'SHA256=39CFDE7D401EFCE4F550E0A9461F5FC4D71FA07235E1336E4F0B4882BD76550E'
|
|
- 'SHA256=3D9E83B189FCF5C3541C62D1F54A0DA0A4E5B62C3243D2989AFC46644056C8E3'
|
|
- 'SHA256=3F2FDA9A7A9C57B7138687BBCE49A2E156D6095DDDABB3454EA09737E02C3FA5'
|
|
- 'SHA256=47F0CDAA2359A63AD1389EF4A635F1F6EEE1F63BDF6EF177F114BDCDADC2E005'
|
|
- 'SHA256=50D5EAA168C077CE5B7F15B3F2C43BD2B86B07B1E926C1B332F8CB13BD2E0793'
|
|
- 'SHA256=56A3C9AC137D862A85B4004F043D46542A1B61C6ACB438098A9640469E2D80E7'
|
|
- 'SHA256=591BD5E92DFA0117B3DAA29750E73E2DB25BAA717C31217539D30FFB1F7F3A52'
|
|
- 'SHA256=5D530E111400785D183057113D70623E17AF32931668AB7C7FC826F0FD4F91A3'
|
|
- 'SHA256=6F1FF29E2E710F6D064DC74E8E011331D807C32CC2A622CBE507FD4B4D43F8F4'
|
|
- 'SHA256=79E2D37632C417138970B4FEBA91B7E10C2EA251C5EFE3D1FC6FA0190F176B57'
|
|
- 'SHA256=85866E8C25D82C1EC91D7A8076C7D073CCCF421CF57D9C83D80D63943A4EDD94'
|
|
- 'SHA256=89B0017BC30CC026E32B758C66A1AF88BD54C6A78E11EC2908FF854E00AC46BE'
|
|
- 'SHA256=9254F012009D55F555418FF85F7D93B184AB7CB0E37AECDFDAB62CFE94DEA96B'
|
|
- 'SHA256=984A77E5424C6D099051441005F2938AE92B31B5AD8F6521C6B001932862ADD7'
|
|
- 'SHA256=98B734DDA78C16EBCAA4AFEB31007926542B63B2F163B2F733FA0D00DBB344D8'
|
|
- 'SHA256=99F4994A0E5BD1BF6E3F637D3225C69FF4CD620557E23637533E7F18D7D6CBA1'
|
|
- 'SHA256=9C10E2EC4F9EF591415F9A784B93DC9C9CDAFA7C69602C0DC860C5B62222E449'
|
|
- 'SHA256=A961F5939088238D76757669A9A81905E33F247C9C635B908DAAC146AE063499'
|
|
- 'SHA256=A9706E320179993DADE519A83061477ACE195DAA1B788662825484813001F526'
|
|
- 'SHA256=B7A20B5F15E1871B392782C46EBCC897929443D82073EE4DCB3874B6A5976B5D'
|
|
- 'SHA256=CC586254E9E89E88334ADEE44E332166119307E79C2F18F6C2AB90CE8BA7FC9B'
|
|
- 'SHA256=CD4A249C3EF65AF285D0F8F30A8A96E83688486AAB515836318A2559757A89BB'
|
|
- 'SHA256=CF4B5FA853CE809F1924DF3A3AE3C4E191878C4EA5248D8785DC7E51807A512B'
|
|
- 'SHA256=D0BD1AE72AEB5F3EABF1531A635F990E5EAAE7FDD560342F915F723766C80889'
|
|
- 'SHA256=D8B58F6A89A7618558E37AFC360CD772B6731E3BA367F8D58734ECEE2244A530'
|
|
- 'SHA256=D92EAB70BCECE4432258C9C9A914483A2267F6AB5CE2630048D3A99E8CB1B482'
|
|
- 'SHA256=E005E8D183E853A27AD3BB56F25489F369C11B0D47E3D4095AAD9291B3343BF1'
|
|
- 'SHA256=E68D453D333854787F8470C8BAEF3E0D082F26DF5AA19C0493898BCF3401E39A'
|
|
- 'SHA256=E83908EBA2501A00EF9E74E7D1C8B4FF1279F1CD6051707FD51824F87E4378FA'
|
|
- 'SHA256=EF86C4E5EE1DBC4F81CD864E8CD2F4A2A85EE4475B9A9AB698A4AE1CC71FBEB0'
|
|
- 'SHA256=F088B2BA27DACD5C28F8EE428F1350DCA4BC7C6606309C287C801B2E1DA1A53D'
|
|
- 'SHA256=FD8669794C67B396C12FC5F08E9C004FDF851A82FAF302846878173E4FBECB03'
|
|
- 'SHA256=91314768DA140999E682D2A290D48B78BB25A35525EA12C1B1F9634D14602B2C'
|
|
- 'SHA256=F0605DDA1DEF240DC7E14EFA73927D6C6D89988C01EA8647B671667B2B167008'
|
|
- 'SHA256=6CB51AE871FBD5D07C5AAD6FF8EEA43D34063089528603CA9CEB8B4F52F68DDC'
|
|
- 'SHA256=DB2A9247177E8CDD50FE9433D066B86FFD2A84301AA6B2EB60F361CFFF077004'
|
|
- 'SHA256=7EC93F34EB323823EB199FBF8D06219086D517D0E8F4B9E348D7AFD41EC9FD5D'
|
|
- 'SHA256=7049F3C939EFE76A5556C2A2C04386DB51DAF61D56B679F4868BB0983C996EBB'
|
|
- 'SHA256=7877C1B0E7429453B750218CA491C2825DAE684AD9616642EFF7B41715C70ACA'
|
|
- 'SHA256=159E7C5A12157AF92E0D14A0D3EA116F91C09E21A9831486E6DC592C93C10980'
|
|
- 'SHA256=3243AAB18E273A9B9C4280A57AECEF278E10BFFF19ABB260D7A7820E41739099'
|
|
- 'SHA256=7CFA5E10DFF8A99A5D544B011F676BC383991274C693E21E3AF40CF6982ADB8C'
|
|
- 'SHA256=C9B49B52B493B53CD49C12C3FA9553E57C5394555B64E32D1208F5B96A5B8C6E'
|
|
- 'SHA256=3EC5AD51E6879464DFBCCB9F4ED76C6325056A42548D5994BA869DA9C4C039A8'
|
|
- 'SHA256=47EAEBC920CCF99E09FC9924FEB6B19B8A28589F52783327067C9B09754B5E84'
|
|
# The list below is from https://github.com/jbaines-r7/dellicious and https://www.rapid7.com/blog/post/2021/12/13/driver-based-attacks-past-and-present/
|
|
- 'SHA256=1aaf4c1e3cb6774857e2eef27c17e68dc1ae577112e4769665f516c2e8c4e27b'
|
|
- 'SHA256=e6056443537d4d2314dabca1b9168f1eaaf17a14eb41f6f5741b6b82b3119790'
|
|
- 'SHA256=76660e91f1ff3cb89630df5af4fe09de6098d09baa66b1a130c89c3c5edd5b22'
|
|
- 'SHA256=6c7120e40fc850e4715058b233f5ad4527d1084a909114fd6a36b7b7573c4a44'
|
|
- 'SHA256=2e6b339597a89e875f175023ed952aaac64e9d20d457bbc07acf1586e7fe2df8'
|
|
- 'SHA256=71fe5af0f1564dc187eea8d59c0fbc897712afa07d18316d2080330ba17cf009'
|
|
- 'SHA256=39937d239220c1b779d7d55613de2c0a48bd6e12e0214da4c65992b96cf591df'
|
|
- 'SHA256=7ed26a593524a2a92ffcfb075a42bb4fa4775ffbf83af98525244a4710886ead'
|
|
- 'SHA256=aa717e9ab4d614497df19f602d289a6eddcdba8027c71bcc807780a219347d16'
|
|
- 'SHA256=ff5f6048a3d6f6738b60e911e3876fcbdc9a02ec9862f909345c8a50fd4cc0a7'
|
|
- 'SHA256=11bd2c9f9e2397c9a16e0990e4ed2cf0679498fe0fd418a3dfdac60b5c160ee5'
|
|
- 'SHA256=58a74dceb2022cd8a358b92acd1b48a5e01c524c3b0195d7033e4bd55eff4495'
|
|
- 'SHA256=01aa278b07b58dc46c84bd0b1b5c8e9ee4e62ea0bf7a695862444af32e87f1fd'
|
|
- 'SHA256=22be050955347661685a4343c51f11c7811674e030386d2264cd12ecbf544b7c'
|
|
- 'SHA256=31f4cfb4c71da44120752721103a16512444c13c2ac2d857a7e6f13cb679b427'
|
|
# The list below is from https://gist.github.com/k4nfr3/af970e7facb09195e56f2112e1c9549c
|
|
- 'SHA256=952199C28332BC90CFD74530A77EE237967ED32B3C71322559C59F7A42187DC4'
|
|
- 'SHA256=9529EFB1837B1005E5E8F477773752078E0A46500C748BC30C9B5084D04082E6'
|
|
- 'SHA256=A7B000ABBCC344444A9B00CFADE7AA22AB92CE0CADEC196C30EB1851AE4FA062'
|
|
- 'SHA256=4429f32db1cc70567919d7d47b844a91cf1329a6cd116f582305f3b7b60cd60b'
|
|
- 'SHA256=01e024cb14b34b6d525c642a710bfa14497ea20fd287c39ba404b10a8b143ece'
|
|
- 'SHA256=9fc29480407e5179aa8ea41682409b4ea33f1a42026277613d6484e5419de374'
|
|
- 'SHA256=06bda5a1594f7121acd2efe38ccb617fbc078bb9a70b665a5f5efd70e3013f50'
|
|
- 'SHA256=cbb8239a765bf5b2c1b6a5c8832d2cab8fef5deacadfb65d8ed43ef56d291ab6'
|
|
- 'SHA256=d205286bffdf09bc033c09e95c519c1c267b40c2ee8bab703c6a2d86741ccd3e'
|
|
# https://github.com/eclypsium/Screwed-Drivers/blob/master/DRIVERS.md
|
|
- 'SHA256=a7c2e7910942dd5e43e2f4eb159bcd2b4e71366e34a68109548b9fb12ac0f7cc'
|
|
- 'SHA256=2003b478b9fd1b3d76ec5bf4172c2e8915babbbee7ad1783794acbf8d4c2519d'
|
|
- 'SHA256=f929bead59e9424ab90427b379dcdd63fbfe0c4fb5e1792e3a1685541cd5ec65'
|
|
- 'SHA256=59626cac380d8fe0b80a6d4c4406d62ba0683a2f0f68d50ad506ca1b1cf25347'
|
|
- 'SHA256=552f70374715e70c4ade591d65177be2539ec60f751223680dfaccb9e0be0ed9'
|
|
- 'SHA256=86a8e0aa29a5b52c84921188cc1f0eca9a7904dcfe09544602933d8377720219'
|
|
- 'SHA256=1d0397c263d51e9fc95bcc8baf98d1a853e1c0401cd0e27c7bf5da3fba1c93a8'
|
|
- 'SHA256=60c6f4f34c7319cb3f9ca682e59d92711a05a2688badbae4891b1303cd384813'
|
|
- 'SHA256=55fee54c0d0d873724864dc0b2a10b38b7f40300ee9cae4d9baaf8a202c4049a'
|
|
- 'SHA256=42f0b036687cbd7717c9efed6991c00d4e3e7b032dc965a2556c02177dfdad0f'
|
|
- 'SHA256=bb1135b51acca8348d285dc5461d10e8f57260e7d0c8cc4a092734d53fc40cbc'
|
|
- 'SHA256=b179e1ab6dc0b1aee783adbcad4ad6bb75a8a64cb798f30c0dd2ee8aaf43e6de'
|
|
- 'SHA256=314384b40626800b1cde6fbc51ebc7d13e91398be2688c2a58354aa08d00b073'
|
|
- 'SHA256=65db1b259e305a52042e07e111f4fa4af16542c8bacd33655f753ef642228890'
|
|
- 'SHA256=19a212e6fc324f4cb9ee5eba60f5c1fc0191799a4432265cbeaa3307c76a7fc0'
|
|
- 'SHA256=a7c8f4faf3cbb088cac7753d81f8ec4c38ccb97cd9da817741f49272e8d01200'
|
|
- 'SHA256=677c0b1add3990fad51f492553d3533115c50a242a919437ccb145943011d2bf'
|
|
- 'SHA256=fc22977ff721b3d718b71c42440ee2d8a144f3fbc7755e4331ddd5bcc65158d2'
|
|
- 'SHA256=ad40e6d0f77c0e579fb87c5106bf6de3d1a9f30ee2fbf8c9c011f377fa05f173'
|
|
- 'SHA256=18e1707b319c279c7e0204074088cc39286007a1cf6cb6e269d5067d8d0628c6'
|
|
- 'SHA256=c9cf1d627078f63a36bbde364cd0d5f2be1714124d186c06db5bcdf549a109f8'
|
|
- 'SHA256=afdd66562dea51001c3a9de300f91fc3eb965d6848dfce92ccb9b75853e02508'
|
|
- 'SHA256=a899b659b08fbae30b182443be8ffb6a6471c1d0497b52293061754886a937a3'
|
|
- 'SHA256=1963d5a0e512b72353953aadbe694f73a9a576f0241a988378fa40bf574eda52'
|
|
- 'SHA256=7133a461aeb03b4d69d43f3d26cd1a9e3ee01694e97a0645a3d8aa1a44c39129'
|
|
- 'SHA256=32e1a8513eee746d17eb5402fb9d8ff9507fb6e1238e7ff06f7a5c50ff3df993'
|
|
- 'SHA256=082c39fe2e3217004206535e271ebd45c11eb072efde4cc9885b25ba5c39f91d'
|
|
- 'SHA256=65329dad28e92f4bcc64de15c552b6ef424494028b18875b7dba840053bc0cdd'
|
|
- 'SHA256=f8430bdc6fd01f42217d66d87a3ef6f66cb2700ebb39c4f25c8b851858cc4b35'
|
|
- 'SHA256=9f1229cd8dd9092c27a01f5d56e3c0d59c2bb9f0139abf042e56f343637fda33'
|
|
- 'SHA256=b03f26009de2e8eabfcf6152f49b02a55c5e5d0f73e01d48f5a745f93ce93a29'
|
|
# The list below is derived from the ELASTIC yara rules https://github.com/elastic/protections-artifacts/search?q=VulnDriver
|
|
# These are the hashes mentioned in the "reference_sample" section that ELASTIC used to create their rules
|
|
- 'SHA256=3943a796cc7c5352aa57ccf544295bfd6fb69aae147bc8235a00202dc6ed6838'
|
|
- 'SHA256=3c5bf92c26398695f9ced7ce647a7e9f6ddcc89eea66b45aa3607196a187431b'
|
|
- 'SHA256=478917514be37b32d5ccf76e4009f6f952f39f5553953544f1b0688befd95e82'
|
|
- 'SHA256=4ed2d2c1b00e87b926fb58b4ea43d2db35e5912975f4400aa7bd9f8c239d08b7'
|
|
- 'SHA256=b205835b818d8a50903cf76936fcf8160060762725bd74a523320cfbd091c038'
|
|
- 'SHA256=ab8f2217e59319b88080e052782e559a706fa4fb7b8b708f709ff3617124da89'
|
|
- 'SHA256=73327429c505d8c5fd690a8ec019ed4fd5a726b607cabe71509111c7bfe9fc7e'
|
|
- 'SHA256=87e38e7aeaaaa96efe1a74f59fca8371de93544b7af22862eb0e574cec49c7c3'
|
|
- 'SHA256=2270a8144dabaf159c2888519b11b61e5e13acdaa997820c09798137bded3dd6'
|
|
- 'SHA256=43ba8d96d5e8e54cab59d82d495eeca730eeb16e4743ed134cdd495c51a4fc89'
|
|
- 'SHA256=e1980c6592e6d2d92c1a65acad8f1071b6a404097bb6fcce494f3c8ac31385cf'
|
|
- 'SHA256=1dadd707c55413a16320dc70d2ca7784b94c6658331a753b3424ae696c5d93ea'
|
|
- 'SHA256=d84e3e250a86227c64a96f6d5ac2b447674ba93d399160850acb2339da43eae5'
|
|
- 'SHA256=5ae23f1fcf3fb735fcf1fa27f27e610d9945d668a149c7b7b0c84ffd6409d99a'
|
|
- 'SHA256=0f726d8ce21c0c9e01ebe6b55913c519ad6086bcaec1a89f8308f3effacd435f'
|
|
- 'SHA256=95d50c69cdbf10c9c9d61e64fe864ac91e6f6caa637d128eb20e1d3510e776d3'
|
|
- 'SHA256=0e14a4401011a9f4e444028ac5b1595da34bbbf9af04a00670f15ff839734003'
|
|
- 'SHA256=26c86227d3f387897c1efd77dc711eef748eb90be84149cb306e3d4c45cc71c7'
|
|
- 'SHA256=42d926cfb3794f9b1e3cb397498696cb687f505e15feb9df11b419c49c9af498'
|
|
- 'SHA256=1684e24dae20ab83ab5462aa1ff6473110ec53f52a32cfb8c1fe95a2642c6d22'
|
|
- 'SHA256=9b6a84f7c40ea51c38cc4d2e93efb3375e9d98d4894a85941190d94fbe73a4e4'
|
|
- 'SHA256=440883cd9d6a76db5e53517d0ec7fe13d5a50d2f6a7f91ecfc863bc3490e4f5c'
|
|
- 'SHA256=e05eeb2b8c18ad2cb2d1038c043d770a0d51b96b748bc34be3e7fc6f3790ce53'
|
|
- 'SHA256=3a364a7a3f6c0f2f925a060e84fb18b16c118125165b5ea6c94363221dc1b6de'
|
|
- 'SHA256=fda506e2aa85dc41a4cbc23d3ecc71ab34e06f1def736e58862dc449acbc2330'
|
|
- 'SHA256=3ac5e01689a3d745e60925bc7faca8d4306ae693e803b5e19c94906dc30add46'
|
|
- 'SHA256=175eed7a4c6de9c3156c7ae16ae85c554959ec350f1c8aaa6dfe8c7e99de3347'
|
|
- 'SHA256=8596ea3952d84eeef8f5dc5b0b83014feb101ec295b2d80910f21508a95aa026'
|
|
- 'SHA256=52a90fd1546c068b92add52c29fbb8a87d472a57e609146bbcb34862f9dcec15'
|
|
- 'SHA256=543991ca8d1c65113dff039b85ae3f9a87f503daec30f46929fd454bc57e5a91'
|
|
- 'SHA256=e75714f8e0ff45605f6fc7689a1a89c7dcd34aab66c6131c63fefaca584539cf'
|
|
- 'SHA256=1aaa9aef39cb3c0a854ecb4ca7d3b213458f302025e0ec5bfbdef973cca9111c'
|
|
- 'SHA256=cc687fe3741bbde1dd142eac0ef59fd1d4457daee43cdde23bb162ef28d04e64'
|
|
- 'SHA256=3ed15a390d8dfbd8a8fb99e8367e19bfd1cced0e629dfe43ccdb46c863394b59'
|
|
- 'SHA256=8c95d28270a4a314299cf50f05dcbe63033b2a555195d2ad2f678e09e00393e6'
|
|
- 'SHA256=eea53103e7a5a55dc1df79797395a2a3e96123ebd71cdd2db4b1be80e7b3f02b'
|
|
- 'SHA256=37c637a74bf20d7630281581a8fae124200920df11ad7cd68c14c26cc12c5ec9'
|
|
- 'SHA256=32cccc4f249499061c0afa18f534c825d01034a1f6815f5506bf4c4ff55d1351'
|
|
- 'SHA256=c5050a2017490fff7aa53c73755982b339ddb0fd7cef2cde32c81bc9834331c5'
|
|
- 'SHA256=ff803017d1acafde6149fe7d463aee23b1c4f6f3b97c698c05f3ca6f07e4df6c'
|
|
- 'SHA256=000547560fea0dd4b477eb28bf781ea67bf83c748945ce8923f90fdd14eb7a4b'
|
|
- 'SHA256=0af5ccb3d33a9ba92071c9637be6254030d61998733a5eb3583e865e17844e05'
|
|
- 'SHA256=a13054f349b7baa8c8a3fcbd31789807a493cc52224bbff5e412eb2bd52a6433'
|
|
# https://www.unknowncheats.me/forum/anti-cheat-bypass/334557-vulnerable-driver-megathread.html
|
|
- 'SHA256=da6ca1fb539f825ca0f012ed6976baf57ef9c70143b7a1e88b4650bf7a925e24'
|
|
- 'SHA256=9c2977d63faa340b03e1bbfb8a6db19c0adfa60ff6579b888ece10022c94c3ec'
|
|
- 'SHA256=771a8d05f1af6214e0ef0886662be500ee910ab99f0154227067fddcfe08a3dd'
|
|
- 'SHA256=927c2a580d51a598177fa54c65e9d2610f5f212f1b6cb2fbf2740b64368f010a'
|
|
- 'SHA256=42851a01469ba97cdc38939b10cf9ea13237aa1f6c37b1ac84904c5a12a81fa0'
|
|
- 'SHA256=e6db8a1c9d82d18b948c7135439fdeaa9bc02ea97509e3534de65e5481489220'
|
|
- 'SHA256=1062211314088012edb9fe65780e35e7b3144ac45021269fc993ef2931c8584b'
|
|
- 'SHA256=029dbf6d8dc920a32b3c7a2057513d3741b20b7f6e7aa23b113859a8049214df'
|
|
- 'SHA256=1d053020079124ac526d84affb17bf4a1563ecd872c83b4b6299c9aa6a732557'
|
|
- 'SHA256=c059f1b2b73ecab48d62f469d48dbde74a80c4ada07f0bd3b417ec4e044fb522'
|
|
- 'SHA256=a66d2fb7ef7350ea74d4290c57fb62bc59c6ea93f759d4ca93c3febca7aeb512'
|
|
# Vuln driver version obtained from: https://www.zscaler.com/blogs/security-research/technical-analysis-windows-clfs-zero-day-vulnerability-cve-2022-37969-part
|
|
# Version hash obtained from: https://winbindex.m417z.com/?arch=&file=clfs.sys
|
|
- 'SHA256=5d712d3fad791bdc67502ed7c6586ca39d12ae26c7b245c36effec92e3cda08e'
|
|
# Powertool Drivers obtained from VT by pivoting on the Imphash: f5030145594c486434040aa2636a5dde
|
|
- 'SHA256=e61004335dfe7349f2b2252baa1e111fb47c0f2d6c78a060502b6fcc92f801e4'
|
|
- 'SHA256=7c0f77d103015fc29379ba75d133dc3450d557b0ba1f7495c6b43447abdae230'
|
|
- 'SHA256=97363f377aaf3c01641ac04a15714acbec978afb1219ac8f22c7e5df7f2b2d56'
|
|
- 'SHA256=8e6363a6393eb4234667c6f614b2072e33512866b3204f8395bbe01530d63f2f'
|
|
- 'SHA256=09b0e07af8b17db1d896b78da4dd3f55db76738ee1f4ced083a97d737334a184'
|
|
- 'SHA256=2a4f4400402cdc475d39389645ca825bb0e775c3ecb7c527e30c5be44e24af7d'
|
|
# Vuln Intel Driver CVE-2015-2291
|
|
- 'SHA256=5f69d6b167a1eeca3f6ac64785c3c01976ee7303171faf998d65852056988683'
|
|
- 'SHA256=f877296e8506e6a1acbdacdc5085b18c6842320a2775a329d286bac796f08d54'
|
|
- 'SHA256=2d2c7ee9547738a8a676ab785c151e8b48ed40fe7cf6174650814c7f5f58513b'
|
|
- 'SHA256=1ae328c88cf49072c125f41b16c2a2063203b21164245e2850ca491bdd4a522e'
|
|
- 'SHA256=84b4e202c6ce1b08cda1b5e7cd3c3b073155120d80141b2055a1a98a4a18dc42'
|
|
- 'SHA256=0ea78cb430fbf8ef4c9f3d1eadf2b057939081b1367bc6610e918fa3c6d8920c'
|
|
- 'SHA256=a2571531c6b384003bad06003be01e75fcd489b7b2d04c3d072b10f08f50b33b'
|
|
- 'SHA256=4d07f9ecd2540218194874427155a4dc82613574672b55257a321f80e7c9f219'
|
|
- 'SHA256=6d14ae56e140c02f5d1e6df5351b87ac0f4b7e9dc5a3d778a1e399cb7878802a'
|
|
- 'SHA256=c4310708ee81058286be30db1b1d93deab62a37eaa7974750a7ffbe798eed747'
|
|
- 'SHA256=d3d88be19bbb889af859c6189b0750a4e527891f95b0dd2e33cb987ec9784f34'
|
|
- 'SHA256=3313e8d7f276a48fbc9cbdb5bcd013fd79a674da6638327c6342a5c5a3bfa893'
|
|
selection_other:
|
|
- sha1:
|
|
# The list below is from https://github.com/namazso/physmem_drivers and the SHA1 are from VT
|
|
- '2261198385d62d2117f50f631652eded0ecc71db'
|
|
- '8db869c0674221a2d3280143cbb0807fac08e0cc'
|
|
- '27d3ebea7655a72e6e8b95053753a25db944ec0f'
|
|
- '33cdab3bbc8b3adce4067a1b042778607dce2acd'
|
|
- '21e6c104fe9731c874fab5c9560c929b2857b918'
|
|
- 'd979353d04bf65cc92ad3412605bc81edbb75ec2'
|
|
- '2f991435a6f58e25c103a657d24ed892b99690b8'
|
|
- 'f02af84393e9627ba808d4159841854a6601cf80'
|
|
- 'bb962c9a8dda93e94fef504c4159de881e4706fe'
|
|
- 'b97a8d506be2e7eaa4385f70c009b22adbd071ba'
|
|
- '92f251358b3fe86fd5e7aa9b17330afa0d64a705'
|
|
- '8b6aa5b2bff44766ef7afbe095966a71bc4183fa'
|
|
- 'af6e1f2cfb230907476e8b2d676129b6d6657124'
|
|
- 'fcde5275ee1913509927ce5f0f85e6681064c9d2'
|
|
- '00a442a4305c62cefa8105c0b4c4a9a5f4d1e93b'
|
|
- '6523b3fd87de39eb5db1332e4523ce99556077dc'
|
|
- '72966ca845759d239d09da0de7eebe3abe86fee3'
|
|
- '57511ef5ff8162a9d793071b5bf7ebe8371759de'
|
|
- '2d503a2457a787014a1fdd48a2ece2e6cbe98ea7'
|
|
- '400f833dcc2ef0a122dd0e0b1ec4ec929340d90e'
|
|
- '89cd760e8cb19d29ee08c430fb17a5fd4455c741'
|
|
- '1d0df45ee3fa758f0470e055915004e6eae54c95'
|
|
- 'd5fd9fe10405c4f90235e583526164cd0902ed86'
|
|
- 'c52cef5b9e1d4a78431b7af56a6fdb6aa1bcad65'
|
|
- '609fa1efcf61e26d64a5ceb13b044175ab2b3a13'
|
|
- '7d7c03e22049a725ace2a9812c72b53a66c2548b'
|
|
- 'f9519d033d75e1ab6b82b2e156eafe9607edbcfb'
|
|
- '468e2e5505a3d924b14fedee4ddf240d09393776'
|
|
- '2e3de9bff43d7712707ef8a0b10f7e4ad8427fd8'
|
|
- 'c9cbfdd0be7b35751a017ec59ff7237ffdc4df1f'
|
|
- '078ae07dec258db4376d5a2a05b9b508d68c0123'
|
|
- '623cd2abef6c92255f79cbbd3309cb59176771da'
|
|
- '1f3a9265963b660392c4053329eb9436deeed339'
|
|
- '4a235f0b84ff615e2879fa9e0ec0d745fcfdaa5c'
|
|
- 'ace6b9e34e3e2e73fe584f3bbdb4e4ec106e0a7d'
|
|
- '4268f30b79ce125a81d0d588bef0d4e2ad409bbb'
|
|
- 'c834c4931b074665d56ccab437dfcc326649d612'
|
|
- '8f5cd4a56e6e15935491aa40adb1ecad61eafe7c'
|
|
- '51b60eaa228458dee605430aae1bc26f3fc62325'
|
|
- '3270720a066492b046d7180ca6e60602c764cac7'
|
|
- '2a6e6bd51c7062ad24c02a4d2c1b5e948908d131'
|
|
- '19bd488fe54b011f387e8c5d202a70019a204adf'
|
|
- 'a6fe4f30ca7cb94d74bc6d42cdd09a136056952e'
|
|
- 'ea877092d57373cb466b44e7dbcad4ce9a547344'
|
|
- '205c69f078a563f54f4c0da2d02a25e284370251'
|
|
- 'f9feb60b23ca69072ce42264cd821fe588a186a6'
|
|
- 'b25170e09c9fb7c0599bfba3cf617187f6a733ac'
|
|
- '160c96b5e5db8c96b821895582b501e3c2d5d6e7'
|
|
- 'a2e0b3162cfa336cd4ab40a2acc95abe7dc53843'
|
|
- '4e826430a1389032f3fe06e2cc292f643fb0c417'
|
|
- '7ab4565ba24268f0adadb03a5506d4eb1dc7c181'
|
|
- 'dc7b022f8bd149efbcb2204a48dce75c72633526'
|
|
- '0307d76750dd98d707c699aee3b626643afb6936'
|
|
- '5711c88e9e64e45b8fc4b90ab6f2dd6437dc5a8a'
|
|
- '6714380bc0b8ab09b9a0d2fa66d1b025b646b946'
|
|
- '8626ab1da6bfbdf61bd327eb944b39fd9df33d1d'
|
|
- '30a224b22592d952fbe2e6ad97eda4a8f2c734e0'
|
|
- 'c95db1e82619fb16f8eec9a8209b7b0e853a4ebe'
|
|
- 'fe1d909ab38de1389a2a48352fd1c8415fd2eab0'
|
|
- 'b4d1554ec19504215d27de0758e13c35ddd6db3e'
|
|
- '5dd2c31c4357a8b76db095364952b3d0e3935e1d'
|
|
- 'ecb4d096a9c58643b02f328d2c7742a38e017cf0'
|
|
- '4a705af959af61bad48ef7579f839cb5ebd654d2'
|
|
- 'd2e6fc9259420f0c9b6b1769be3b1f63eb36dc57'
|
|
- 'c948ae14761095e4d76b55d9de86412258be7afd'
|
|
- 'ddbe809b731a0962e404a045ab9e65a0b64917ad'
|
|
- '745bad097052134548fe159f158c04be5616afc2'
|
|
- '8d59fd14a445c8f3f0f7991fa6cd717d466b3754'
|
|
- '2dfcb799b3c42ecb0472e27c19b24ac7532775ce'
|
|
- 'cc51be79ae56bc97211f6b73cc905c3492da8f9d'
|
|
- 'ac13941f436139b909d105ad55637e1308f49d9a'
|
|
- '2b0bb408ff0e66bcdf6574f1ca52cbf4015b257b'
|
|
- 'cc0e0440adc058615e31e8a52372abadf658e6b1'
|
|
- '5520ac25d81550a255dc16a0bb89d4b275f6f809'
|
|
- '6afc6b04cf73dd461e4a4956365f25c1f1162387'
|
|
- '4b009e91bae8d27b160dc195f10c095f8a2441e1'
|
|
- '6003184788cd3d2fc624ca801df291ccc4e225ee'
|
|
- '0466e90bf0e83b776ca8716e01d35a8a2e5f96d3'
|
|
- 'e6305dddd06490d7f87e3b06d09e9d4c1c643af0'
|
|
- '89909fa481ff67d7449ee90d24c167b17b0612f1'
|
|
- 'd7e8aef8c8feb87ce722c0b9abf34a7e6bab6eb4'
|
|
- '5e6ddd2b39a3de0016385cbd7aa50e49451e376d'
|
|
- '976777d39d73034df6b113dfce1aa6e1d00ffcfd'
|
|
- '9c6749fc6c1127f8788bff70e0ce9062959637c9'
|
|
- '53acd4d9e7ba0b1056cf52af0d191f226eddf312'
|
|
- '3abb9d0a9d600200ae19c706e570465ef0a15643'
|
|
- '27eab595ec403580236e04101172247c4f5d5426'
|
|
- '78b9481607ca6f3a80b4515c432ddfe6550b18a8'
|
|
- '414cd15d6c991d19fb5be02e3b9fb0e6c5ce731c'
|
|
- 'd9c09dd725bc7bc3c19b4db37866015817a516ef'
|
|
- '9c256edd10823ca76c0443a330e523027b70522d'
|
|
- '35829e096a15e559fcbabf3441d99e580ca3b26e'
|
|
- 'b8de3a1aeeda9deea43e3f768071125851c85bd0'
|
|
- '054a50293c7b4eea064c91ef59cf120d8100f237'
|
|
- 'd94f2fb3198e14bfe69b44fb9f00f2551f7248b2'
|
|
- '01a578a3a39697c4de8e3dab04dba55a4c35163e'
|
|
- '14bf0eaa90e012169745b3e30c281a327751e316'
|
|
- 'f50c6b84dfb8f2d53ba3bce000a55f0a486c0e79'
|
|
- '6100eb82a25d64a7a7702e94c2b21333bc15bd08'
|
|
- 'bf87e32a651bdfd9b9244a8cf24fca0e459eb614'
|
|
- '28b1c0b91eb6afd2d26b239c9f93beb053867a1a'
|
|
- '879fcc6795cebe67718388228e715c470de87dca'
|
|
- '1f7501e01d84a2297c85cb39880ec4e40ac3fe8a'
|
|
- '152b6bb9ffd2ffec00cc46f5c6e29362d0e66e67'
|
|
- '5f8356ffa8201f338dd2ea979eb47881a6db9f03'
|
|
- 'a7bd05de737f8ea57857f1e0845a25677df01872'
|
|
- 'cce9b82f01ec68f450f5fe4312f40d929c6a506e'
|
|
- 'e35a2b009d54e1a0b231d8a276251f64231b66a3'
|
|
- '37364cb5f5cefd68e5eca56f95c0ab4aff43afcc'
|
|
- 'd62fa51e520022483bdc5847141658de689c0c29'
|
|
- '93aa3bb934b74160446df3a47fa085fd7f3a6be9'
|
|
- 'ec4cc6de4c779bb1ca1dd32ee3a03f7e8d633a9b'
|
|
- '35f1ba60ba0da8512a0b1b15ee8e30fe240d77cd'
|
|
- '3805e4e08ad342d224973ecdade8b00c40ed31be'
|
|
- '65d8a7c2e867b22d1c14592b020c548dd0665646'
|
|
- 'c8d87f3cd34c572870e63a696cf771580e6ea81b'
|
|
- 'c4d7fb9db3c3459f7e8c0e3d48c95c7c9c4cff60'
|
|
- 'd34a7c497c603f3f7fcad546dc4097c2da17c430'
|
|
- '1fd7f881ea4a1dbb5c9aeb9e7ad659a85421745b'
|
|
- '0b8b83f245d94107cb802a285e6529161d9a834d'
|
|
- 'c969f1f73922fd95db1992a5b552fbc488366a40'
|
|
- 'ac600a2bc06b312d92e649b7b55e3e91e9d63451'
|
|
- 'da9cea92f996f938f699902482ac5313d5e8b28e'
|
|
- '33285b2e97a0aeb317166cce91f6733cf9c1ad53'
|
|
- '21edff2937eb5cd6f6b0acb7ee5247681f624260'
|
|
- 'f052dc35b74a1a6246842fbb35eb481577537826'
|
|
- 'f0c463d29a5914b01e4607889094f1b7d95e7aaf'
|
|
- '0c26ab1299adcd9a385b541ef1653728270aa23e'
|
|
- 'f36a47edfacd85e0c6d4d22133dd386aee4eec15'
|
|
- '460008b1ffd31792a6deadfa6280fb2a30c8a5d2'
|
|
- '738b7918d85e5cb4395df9e3f6fc94ddad90e939'
|
|
- '43419df1f9a07430a18c5f3b3cc74de621be0f8e'
|
|
- '558aad879b6a47d94a968f39d0a4e3a3aaef1ef1'
|
|
- '7fb52290883a6b69a96d480f2867643396727e83'
|
|
# The list below is from https://github.com/jbaines-r7/dellicious and https://www.rapid7.com/blog/post/2021/12/13/driver-based-attacks-past-and-present/
|
|
- 'f5696fb352a3fbd14fb1a89ad21a71776027f9ab'
|
|
- '693a2645c28fc3b248fda95179c36c3ac64f6fc2'
|
|
- '05c0c49e8bcf11b883d41441ce87a2ee7a3aba1d'
|
|
- 'd25340ae8e92a6d29f599fef426a2bc1b5217299'
|
|
- '7c1b25518dee1e30b5a6eaa1ea8e4a3780c24d0c'
|
|
- 'fe10018af723986db50701c8532df5ed98b17c39'
|
|
- 'bfe55cacc7c56c9f7bd75bdb4b352c0b745d071b'
|
|
- 'a21c84c6bf2e21d69fa06daaf19b4cc34b589347'
|
|
- '82ba5513c33e056c3f54152c8555abf555f3e745'
|
|
- 'd098600152e5ee6a8238d414d2a77a34da8afaaa'
|
|
- '64e4ac8b9ea2f050933b7ec76a55dd04e97773b4'
|
|
- 'bbc1e5fd826961d93b76abd161314cb3592c4436'
|
|
- '90a76945fd2fa45fab2b7bcfdaf6563595f94891'
|
|
- 'b03b1996a40bfea72e4584b82f6b845c503a9748'
|
|
- 'c771ea59f075170e952c393cfd6fc784b265027c'
|
|
- 'cb44c6f0ee51cb4c5836499bc61dd6c1fbdf8aa1'
|
|
- '0918277fcdc64a9dc51c04324377b3468fa1269b'
|
|
- 'b09bcc042d60d2f4c0d08284818ed198cededa04'
|
|
# The list below is from https://gist.github.com/k4nfr3/af970e7facb09195e56f2112e1c9549c
|
|
- '8dc2097a90eb7e9d6ee31a7c7a95e7a0b2093b89'
|
|
- '15df139494d2c40a645fb010908551185c27f3c5'
|
|
- '012db3a80faf1f7f727b538cbe5d94064e7159de'
|
|
- 'd04e5db5b6c848a29732bfd52029001f23c3da75'
|
|
- '490109fa6739f114651f4199196c5121d1c6bdf2'
|
|
- 'b4d014b5edd6e19ce0e8395a64faedf49688ecb5'
|
|
- 'a87d6eac2d70a3fbc04e59412326b28001c179de'
|
|
- '3f223581409492172a1e875f130f3485b90fbe5f'
|
|
- '5db61d00a001fd493591dc919f69b14713889fc5'
|
|
# https://github.com/eclypsium/Screwed-Drivers/blob/master/DRIVERS.md
|
|
- '9923c8f1e565a05b3c738d283cf5c0ed61a0b90f'
|
|
- '15d1a6a904c8409fb47a82aefa42f8c3c7d8c370'
|
|
- '9d07df024ec457168bf0be7e0009619f6ac4f13c'
|
|
- '9a35ae9a1f95ce4be64adc604c80079173e4a676'
|
|
- 'c6bd965300f07012d1b651a9b8776028c45b149a'
|
|
- 'e83458c4a6383223759cd8024e60c17be4e7c85f'
|
|
- 'cb3de54667548a5c9abf5d8fa47db4097fcee9f1'
|
|
- '9c24dd75e4074041dbe03bf21f050c77d748b8e9'
|
|
- 'dc55217b6043d819eadebd423ff07704ee103231'
|
|
- 'e92817a8744ebc4e4fa5383cdce2b2977f01ecd4'
|
|
- 'dc0e97adb756c0f30b41840a59b85218cbdd198f'
|
|
- '26c4a7b392d7e7bd7f0a2a758534e45c0d9a56ab'
|
|
- 'd0d39e1061f30946141b6ecfa0957f8cc3ddeb63'
|
|
- 'c6d349823bbb1f5b44bae91357895dba653c5861'
|
|
- 'f42f28d164205d9f6dab9317c9fecad54c38d5d2'
|
|
- 'bbc0b9fd67c8f4cefa3d76fcb29ff3cef996b825'
|
|
- '8183a341ba6c3ce1948bf9be49ab5320e0ee324d'
|
|
- 'eb1ecad3d37bb980f908bf1a912415cff32e79e6'
|
|
- 'eb0d45aa6f537f5b2f90f3ad99013606eafcd162'
|
|
- '6053d258096bccb07cb0057d700fe05233ab1fbb'
|
|
- '29a190727140f40cea9514a6420f5a195e36386b'
|
|
- 'a4b2c56c12799855162ca3b004b4b2078c6ecf77'
|
|
- '7667b72471689151e176baeba4e1cd9cd006a09a'
|
|
- 'd7f7594ff084201c0d9fa2f4ef1626635b67bce5'
|
|
- '99201c9555e5faf6e8d82da793b148311f8aa4b8'
|
|
- '947db58d6f36a8df9fa2a1057f3a7f653ccbc42e'
|
|
- '6a3d3b9ab3d201cd6b0316a7f9c3fb4d34d0f403'
|
|
- 'd702d88b12233be9413446c445f22fda4a92a1d9'
|
|
- '910cb12aa49e9f35ecc4907e8304adf0dcca8cf1'
|
|
- '643383938d5e0d4fd30d302af3e9293a4798e392'
|
|
- 'c4ed28fdfba7b8a8dfe39e591006f25d39990f07'
|
|
# The list below is derived from the ELASTIC yara rules https://github.com/elastic/protections-artifacts/search?q=VulnDriver
|
|
# These are the hashes mentioned in the "reference_sample" section that ELASTIC used to create their rules
|
|
- 'b0032b8d8e6f4bd19a31619ce38d8e010f29a816'
|
|
- 'db6245578ec57bd767b27ecf8085095e1c8e5a6e'
|
|
- '166759fd511613414d3213942fe2575b926a6226'
|
|
- '02a8b74899591da7b7f49c0450328d39b939d7e4'
|
|
- '98ceed786f79288becc08c3b82c57e8d4bfa1bca'
|
|
- 'f6b3577ea4b1a5641ae3421151a26268434c3db8'
|
|
- '4de33d03fee52f396a1c788000ca868d56ac30de'
|
|
- 'c6920171fa6dff2c17eb83befb5fd28e8dddf5f0'
|
|
- 'fbc6d2448739ddec35bb5d6c94b46df4148f648d'
|
|
- '6b54f8f137778c1391285fee6150dfa58a8120b1'
|
|
- '943593e880b4d340f2548548e6e673ef6f61eed3'
|
|
- '5ac4d0e2381fc4a8aebe94a0fb6fe5e7558e4dcd'
|
|
- 'e44297a2b750ec1958bef265e2f1ae6fa4323b28'
|
|
- 'aa2ea973bb248b18973e57339307cfb8d309f687'
|
|
- '3a5d176c50f97b71d139767ed795d178623f491d'
|
|
- '25d812a5ece19ea375178ef9d60415841087726e'
|
|
- '3795e32592ab6d8074b6f7ad33759c6a39b0df07'
|
|
- 'fc121ed6fb37e97a004b6faf217435b772dfc4c0'
|
|
- 'ab2b8602e4baef828b58b995d0889a8e5b8dbd02'
|
|
- 'cf040040628b58f4a811f98c2690913c1e8e4e3c'
|
|
- '3296844d22c87dd5eba3aa378a8242b41d59db7a'
|
|
- 'bc47e15537fa7c32dfefd23168d7e1741f8477ed'
|
|
- 'cb22723faa5ae2809476e5c5e9b9a597b26cab9b'
|
|
- 'f3c5e723ae009b336cd2719137b8cd194c9ee51d'
|
|
- '41f2d0f9863bce8920c207b1ef5d3d32b603edef'
|
|
- 'eb93d2f564fea9b3dc350f386b45de2cd9a3e001'
|
|
- '3cd037fbba8aae82c1b111c9f8755349c98bcb3c'
|
|
- '9401389fba314d1810f83edce33c37e84a78e112'
|
|
- '7eb34cc1fcffb4fdb5cb7e97184dd64a65cb9371'
|
|
- '16d7ecf09fc98798a6170e4cef2745e0bee3f5c7'
|
|
- 'fcd615df88645d1f57ff5702bd6758b77efea6d0'
|
|
- 'f3db629cfe37a73144d5258e64d9dd8b38084cf4'
|
|
- 'a00e444120449e35641d58e62ed64bb9c9f518d2'
|
|
- '38571f14fc014487194d1eecfa80561ee8644e09'
|
|
- '4d41248078181c7f61e6e4906aa96bbdea320dc2'
|
|
- '3599ea2ac1fa78f423423a4cf90106ea0938dde8'
|
|
- '3d6d53b0f1cc908b898610227b9f1b9352137aba'
|
|
- '4c18754dca481f107f0923fb8ef5e149d128525d'
|
|
- '8c377ab4eebc5f4d8dd7bb3f90c0187dfdd3349f'
|
|
- 'cde32654a041fedc7b0fa1083f6005b950760062'
|
|
- '5fb9421be8a8b08ec395d05e00fd45eb753b593a'
|
|
- 'b480c54391a2a2f917a44f91a5e9e4590648b332'
|
|
- '4f7a8e26a97980544be634b26899afbefb0a833c'
|
|
# https://www.unknowncheats.me/forum/anti-cheat-bypass/334557-vulnerable-driver-megathread.html
|
|
- 'c1d5cf8c43e7679b782630e93f5e6420ca1749a7'
|
|
- 'a7e9a4686aa7291331e2c8708882c8d81d05264f' #ATSZIO.sys
|
|
- '7ba19a701c8af76988006d616a5f77484c13cb0a'
|
|
- '4243dbbf6e5719d723f24d0f862afd0fcb40bc35'
|
|
- '00b4e8b7644d1bf93f5ddb5740b444b445e81b02'
|
|
- 'fd833f3fe2fa396878033b9e6054725248bf9881'
|
|
- 'db446af0e34259e95f4db112a9f06177e1eef4e0'
|
|
- '39d7b121bc654a0de891225e0f8b7b5537c24931'
|
|
- 'd0a228ed8af190dec0c1a812e212f5e68ee3b43e'
|
|
- '7d2fc1a6729521e5c76f659e4c398e2061f7ed5e'
|
|
- 'f999709e5b00a68a0f4fa912619fe6548ad0c42d'
|
|
# Vuln driver version obtained from: https://www.zscaler.com/blogs/security-research/technical-analysis-windows-clfs-zero-day-vulnerability-cve-2022-37969-part
|
|
# Version hash obtained from: https://winbindex.m417z.com/?arch=&file=clfs.sys
|
|
- '06232f7ea7ea24102d452427aedbbc8b8e188a0c'
|
|
# Powertool Drivers obtained from VT by pivoting on the Imphash: f5030145594c486434040aa2636a5dde
|
|
- 'a380aeb3ffaecc53ca48bb1d4d622c46f1de7962'
|
|
- '4927d843577bada119a17b249ff4e7f5e9983a92'
|
|
- 'e5114fd50904c7fb75d8c86367b9a2dd4f79dfb1'
|
|
- '3ccf1f3ac636a5e21b39ede48ff49fa23e05413f'
|
|
- '755349d56cdd668ca22eebc4fc89f0cccef47327'
|
|
- '56af49e030eb85528e82849d7d1b6147f3c4973e'
|
|
# Vuln Intel Driver CVE-2015-2291
|
|
- '45a9f95a7a018925148152b888d09d478d56bbf5'
|
|
- '540b9f9a232b9d597138b8e0f33d83f5f6e247af'
|
|
- 'bdfb25cc4ed569dc0d5849545eb4abe08539029f'
|
|
- '28da2ac7c82b999c53f99d55331cfa3624a0bc6f'
|
|
- '5d5f92fba0f39826b527f335a7cca7d363758410'
|
|
- '1858ab7ad1947f5c24b9c913cd975e6dbb536865'
|
|
- '0f2aa3bfdfd699e258382ea1b3c1db1ad7211023'
|
|
- '886a9c16b871da42cdb54c6738a8e088be8b989f'
|
|
- 'c24883645c0589f6171e8ee10080750ac66d75e6'
|
|
- '36d3b09e19477d807a6a5efff89aa6cc8b71bdeb'
|
|
- 'e58dd758e28218e1edb33cd88bb97504972ee221'
|
|
- 'd782ef79266179d2247807857877fabb2e402be5'
|
|
- sha256:
|
|
# The list below is from https://github.com/namazso/physmem_drivers
|
|
- '04A85E359525D662338CAE86C1E59B1D7AA9BD12B920E8067503723DC1E03162'
|
|
- '05F052C64D192CF69A462A5EC16DDA0D43CA5D0245900C9FCB9201685A2E7748'
|
|
- '4045AE77859B1DBF13972451972EAAF6F3C97BEA423E9E78F1C2F14330CD47CA'
|
|
- '6948480954137987A0BE626C24CF594390960242CD75F094CD6AAA5C2E7A54FA'
|
|
- '8CB62C5D41148DE416014F80BD1FD033FD4D2BD504CB05B90EEB6992A382D58F'
|
|
- 'B1D96233235A62DBB21B8DBE2D1AE333199669F67664B107BFF1AD49B41D9414'
|
|
- '7196187FB1EF8D108B380D37B2AF8EFDEB3CA1F6EEFD37B5DC114C609147216D'
|
|
- '7F375639A0DF7FE51E5518CF87C3F513C55BC117DB47D28DA8C615642EB18BFA'
|
|
- '42579A759F3F95F20A2C51D5AC2047A2662A2675B3FB9F46C1ED7F23393A0F00'
|
|
- '2DA330A2088409EFC351118445A824F11EDBE51CF3D653B298053785097FE40E'
|
|
- '436CCAB6F62FA2D29827916E054ADE7ACAE485B3DE1D3E5C6C62D3DEBF1480E7'
|
|
- 'B4D47EA790920A4531E3DF5A4B4B0721B7FEA6B49A35679F0652F1E590422602'
|
|
- 'DDE6F28B3F7F2ABBEE59D4864435108791631E9CB4CDFB1F178E5AA9859956D8'
|
|
- 'B48A309EE0960DA3CAAAAF1E794E8C409993AEB3A2B64809F36B97AAC8A1E62A'
|
|
- '025E7BE9FCEFD6A83F4471BBA0C11F1C11BD5047047D26626DA24EE9A419CDC4'
|
|
- '2AA1B08F47FBB1E2BD2E4A492F5D616968E703E1359A921F62B38B8E4662F0C4'
|
|
- 'ECE0A900EA089E730741499614C0917432246CEB5E11599EE3A1BB679E24FD2C'
|
|
- 'F40435488389B4FB3B945CA21A8325A51E1B5F80F045AB019748D0EC66056A8B'
|
|
- '2A652DE6B680D5AD92376AD323021850DAB2C653ABF06EDF26120F7714B8E08A'
|
|
- '950A4C0C772021CEE26011A92194F0E58D61588F77F2873AA0599DFF52A160C9'
|
|
- '0AAFA9F47ACF69D46C9542985994FF5321F00842A28DF2396D4A3076776A83CB'
|
|
- '47F08F7D30D824A8F4BB8A98916401A37C0FD8502DB308ABA91FE3112B892DCC'
|
|
- 'B9A4E40A5D80FEDD1037EAED958F9F9EFED41EB01ADA73D51B5DCD86E27E0CBF'
|
|
- '5C04C274A708C9A7D993E33BE3EA9E6119DC29527A767410DBAF93996F87369A'
|
|
- '0040153302B88BEE27EB4F1ECA6855039E1A057370F5E8C615724FA5215BADA3'
|
|
- '3326E2D32BBABD69FEB6024809AFC56C7E39241EBE70A53728C77E80995422A5'
|
|
- '36B9E31240AB0341873C7092B63E2E0F2CAB2962EBF9B25271C3A1216B7669EB'
|
|
- '29E0062A017A93B2F2F5207A608A96DF4D554C5DE976BD0276C2590A03BD3E94'
|
|
- '45ABDBCD4C0916B7D9FAAF1CD08543A3A5178871074628E0126A6EDA890D26E0'
|
|
- '50DB5480D0392A7DD6AB5DF98389DC24D1ED1E9C98C9C35964B19DABCD6DC67F'
|
|
- '607DC4C75AC7AEF82AE0616A453866B3B358C6CF5C8F9D29E4D37F844306B97C'
|
|
- '61D6E40601FA368800980801A662A5B3B36E3C23296E8AE1C85726A56EF18CC8'
|
|
- '74A846C61ADC53692D3040AFF4C1916F32987AD72B07FE226E9E7DBEFF1036C4'
|
|
- '76FB4DEAEE57EF30E56C382C92ABFFE2CF616D08DBECB3368C8EE6B02E59F303'
|
|
- '81939E5C12BD627FF268E9887D6FB57E95E6049F28921F3437898757E7F21469'
|
|
- '9790A7B9D624B2B18768BB655DDA4A05A9929633CEF0B1521E79E40D7DE0A05B'
|
|
- '9A1D66036B0868BBB1B2823209FEDEA61A301D5DD245F8E7D390BD31E52D663E'
|
|
- 'AA9AB1195DC866270E984F1BED5E1358D6EF24C515DFDB6C2A92D1E1B94BF608'
|
|
- 'AF095DE15A16255CA1B2C27DAD365DFF9AC32D2A75E8E288F5A1307680781685'
|
|
- 'D5586DC1E61796A9AE5E5D1CED397874753056C3DF2EB963A8916287E1929A71'
|
|
- 'D8459F7D707C635E2C04D6D6D47B63F73BA3F6629702C7A6E0DF0462F6478AE2'
|
|
- 'E81230217988F3E7EC6F89A06D231EC66039BDBA340FD8EBB2BBB586506E3293'
|
|
- 'F88EBB633406A086D9CCA6BC8B66A4EA940C5476529F9033A9E0463512A23A57'
|
|
- '1C8DFA14888BB58848B4792FB1D8A921976A9463BE8334CFF45CC96F1276049A'
|
|
- '22418016E980E0A4A2D01CA210A17059916A4208352C1018B0079CCB19AAF86A'
|
|
- '405472A8F9400A54BB29D03B436CCD58CFD6442FE686F6D2ED4F63F002854659'
|
|
- '49F75746EEBE14E5DB11706B3E58ACCC62D4034D2F1C05C681ECEF5D1AD933BA'
|
|
- '4A3D4DB86F580B1680D6454BAEE1C1A139E2DDE7D55E972BA7C92EC3F555DCE2'
|
|
- '4AB41816ABBF14D59E75B7FAD49E2CB1C1FEB27A3CB27402297A2A4793FF9DA7'
|
|
- '54841D9F89E195196E65AA881834804FE3678F1CF6B328CAB8703EDD15E3EC57'
|
|
- '5EE292B605CD3751A24E5949AAE615D472A3C72688632C3040DC311055B75A92'
|
|
- '76B86543CE05540048F954FED37BDDA66360C4A3DDB8328213D5AEF7A960C184'
|
|
- '7F190F6E5AB0EDAFD63391506C2360230AF4C2D56C45FC8996A168A1FC12D457'
|
|
- '845F1E228DE249FC1DDF8DC28C39D03E8AD328A6277B6502D3932E83B879A65A'
|
|
- '84BF1D0BCDF175CFE8AEA2973E0373015793D43907410AE97E2071B2C4B8E2D4'
|
|
- '8EF0AD86500094E8FA3D9E7D53163AA6FEEF67C09575C169873C494ED66F057F'
|
|
- 'A56C2A2425EB3A4260CC7FC5C8D7BED7A3B4CD2AF256185F24471C668853AEE8'
|
|
- 'AC3F613D457FC4D44FA27B2E0B1BAA62C09415705EFB5A40A4756DA39B3AC165'
|
|
- 'B1334A71CC73B3D0C54F62D8011BEC330DFC355A239BF94A121F6E4C86A30A2E'
|
|
- 'B47BE212352D407D0EF7458A7161C66B47C2AEC8391DD101DF11E65728337A6A'
|
|
- 'B9B3878DDC5DFB237D38F8D25067267870AFD67D12A330397A8853209C4D889C'
|
|
- 'DB90E554AD249C2BD888282ECF7D8DA4D1538DD364129A3327B54F8242DD5653'
|
|
- 'E61A54F6D3869B43C4ECEAC3016DF73DF67CCE03878C5A6167166601C5D3F028'
|
|
- '3871E16758A1778907667F78589359734F7F62F9DC953EC558946DCDBE6951E3'
|
|
- '80CBBA9F404DF3E642F22C476664D63D7C229D45D34F5CD0E19C65EB41BECEC3'
|
|
- 'BB50818A07B0EB1BD317467139B7EB4BAD6CD89053FECDABFEAE111689825955'
|
|
- 'FF6729518A380BF57F1BC6F1EC0AA7F3012E1618B8D9B0F31A61D299EE2B4339'
|
|
- '3A5EC83FE670E5E23AEF3AFA0A7241053F5B6BE5E6CA01766D6B5F9177183C25'
|
|
- '61A1BDDDD3C512E681818DEBB5BEE94DB701768FC25E674FCAD46592A3259BD0'
|
|
- '07B6D69BAFCFD767F1B63A490A8843C3BB1F8E1BBEA56176109B5743C8F7D357'
|
|
- '21CCDD306B5183C00ECFD0475B3152E7D94B921E858E59B68A03E925D1715F21'
|
|
- '2D83CCB1AD9839C9F5B3F10B1F856177DF1594C66CBBC7661677D4B462EBF44D'
|
|
- 'F581DECC2888EF27EE1EA85EA23BBB5FB2FE6A554266FF5A1476ACD1D29D53AF'
|
|
- 'F8965FDCE668692C3785AFA3559159F9A18287BC0D53ABB21902895A8ECF221B'
|
|
- '3D23BDBAF9905259D858DF5BF991EB23D2DC9F4ECDA7F9F77839691ACEF1B8C4'
|
|
- 'DD4A1253D47DE14EF83F1BC8B40816A86CCF90D1E624C5ADF9203AE9D51D4097'
|
|
- '509628B6D16D2428031311D7BD2ADD8D5F5160E9ECC0CD909F1E82BBBB3234D6'
|
|
- '525D9B51A80CA0CD4C5889A96F857E73F3A80DA1FFBAE59851E0F51BDFB0B6CD'
|
|
- '6DE84CAA2CA18673E01B91AF58220C60AECD5CCCF269725EC3C7F226B2167492'
|
|
- '09BEDBF7A41E0F8DABE4F41D331DB58373CE15B2E9204540873A1884F38BDDE1'
|
|
- '101402D4F5D1AE413DED499C78A5FCBBC7E3BAE9B000D64C1DD64E3C48C37558'
|
|
- '131D5490CEB9A5B2324D8E927FEA5BECFC633015661DE2F4C2F2375A3A3B64C6'
|
|
- '1DDFE4756F5DB9FB319D6C6DA9C41C588A729D9E7817190B027B38E9C076D219'
|
|
- '1E8B0C1966E566A523D652E00F7727D8B0663F1DFDCE3B9A09B9ADFAEF48D8EE'
|
|
- '2BBE65CBEC3BB069E92233924F7EE1F95FFA16173FCEB932C34F68D862781250'
|
|
- '30706F110725199E338E9CC1C940D9A644D19A14F0EB8847712CBA4CACDA67AB'
|
|
- '3124B0411B8077605DB2A9B7909D8240E0D554496600E2706E531C93C931E1B5'
|
|
- '38FA0C663C8689048726666F1C5E019FEAA9DA8278F1DF6FF62DA33961891D2A'
|
|
- '39CFDE7D401EFCE4F550E0A9461F5FC4D71FA07235E1336E4F0B4882BD76550E'
|
|
- '3D9E83B189FCF5C3541C62D1F54A0DA0A4E5B62C3243D2989AFC46644056C8E3'
|
|
- '3F2FDA9A7A9C57B7138687BBCE49A2E156D6095DDDABB3454EA09737E02C3FA5'
|
|
- '47F0CDAA2359A63AD1389EF4A635F1F6EEE1F63BDF6EF177F114BDCDADC2E005'
|
|
- '50D5EAA168C077CE5B7F15B3F2C43BD2B86B07B1E926C1B332F8CB13BD2E0793'
|
|
- '56A3C9AC137D862A85B4004F043D46542A1B61C6ACB438098A9640469E2D80E7'
|
|
- '591BD5E92DFA0117B3DAA29750E73E2DB25BAA717C31217539D30FFB1F7F3A52'
|
|
- '5D530E111400785D183057113D70623E17AF32931668AB7C7FC826F0FD4F91A3'
|
|
- '6F1FF29E2E710F6D064DC74E8E011331D807C32CC2A622CBE507FD4B4D43F8F4'
|
|
- '79E2D37632C417138970B4FEBA91B7E10C2EA251C5EFE3D1FC6FA0190F176B57'
|
|
- '85866E8C25D82C1EC91D7A8076C7D073CCCF421CF57D9C83D80D63943A4EDD94'
|
|
- '89B0017BC30CC026E32B758C66A1AF88BD54C6A78E11EC2908FF854E00AC46BE'
|
|
- '9254F012009D55F555418FF85F7D93B184AB7CB0E37AECDFDAB62CFE94DEA96B'
|
|
- '984A77E5424C6D099051441005F2938AE92B31B5AD8F6521C6B001932862ADD7'
|
|
- '98B734DDA78C16EBCAA4AFEB31007926542B63B2F163B2F733FA0D00DBB344D8'
|
|
- '99F4994A0E5BD1BF6E3F637D3225C69FF4CD620557E23637533E7F18D7D6CBA1'
|
|
- '9C10E2EC4F9EF591415F9A784B93DC9C9CDAFA7C69602C0DC860C5B62222E449'
|
|
- 'A961F5939088238D76757669A9A81905E33F247C9C635B908DAAC146AE063499'
|
|
- 'A9706E320179993DADE519A83061477ACE195DAA1B788662825484813001F526'
|
|
- 'B7A20B5F15E1871B392782C46EBCC897929443D82073EE4DCB3874B6A5976B5D'
|
|
- 'CC586254E9E89E88334ADEE44E332166119307E79C2F18F6C2AB90CE8BA7FC9B'
|
|
- 'CD4A249C3EF65AF285D0F8F30A8A96E83688486AAB515836318A2559757A89BB'
|
|
- 'CF4B5FA853CE809F1924DF3A3AE3C4E191878C4EA5248D8785DC7E51807A512B'
|
|
- 'D0BD1AE72AEB5F3EABF1531A635F990E5EAAE7FDD560342F915F723766C80889'
|
|
- 'D8B58F6A89A7618558E37AFC360CD772B6731E3BA367F8D58734ECEE2244A530'
|
|
- 'D92EAB70BCECE4432258C9C9A914483A2267F6AB5CE2630048D3A99E8CB1B482'
|
|
- 'E005E8D183E853A27AD3BB56F25489F369C11B0D47E3D4095AAD9291B3343BF1'
|
|
- 'E68D453D333854787F8470C8BAEF3E0D082F26DF5AA19C0493898BCF3401E39A'
|
|
- 'E83908EBA2501A00EF9E74E7D1C8B4FF1279F1CD6051707FD51824F87E4378FA'
|
|
- 'EF86C4E5EE1DBC4F81CD864E8CD2F4A2A85EE4475B9A9AB698A4AE1CC71FBEB0'
|
|
- 'F088B2BA27DACD5C28F8EE428F1350DCA4BC7C6606309C287C801B2E1DA1A53D'
|
|
- 'FD8669794C67B396C12FC5F08E9C004FDF851A82FAF302846878173E4FBECB03'
|
|
- '91314768DA140999E682D2A290D48B78BB25A35525EA12C1B1F9634D14602B2C'
|
|
- 'F0605DDA1DEF240DC7E14EFA73927D6C6D89988C01EA8647B671667B2B167008'
|
|
- '6CB51AE871FBD5D07C5AAD6FF8EEA43D34063089528603CA9CEB8B4F52F68DDC'
|
|
- 'DB2A9247177E8CDD50FE9433D066B86FFD2A84301AA6B2EB60F361CFFF077004'
|
|
- '7EC93F34EB323823EB199FBF8D06219086D517D0E8F4B9E348D7AFD41EC9FD5D'
|
|
- '7049F3C939EFE76A5556C2A2C04386DB51DAF61D56B679F4868BB0983C996EBB'
|
|
- '7877C1B0E7429453B750218CA491C2825DAE684AD9616642EFF7B41715C70ACA'
|
|
- '159E7C5A12157AF92E0D14A0D3EA116F91C09E21A9831486E6DC592C93C10980'
|
|
- '3243AAB18E273A9B9C4280A57AECEF278E10BFFF19ABB260D7A7820E41739099'
|
|
- '7CFA5E10DFF8A99A5D544B011F676BC383991274C693E21E3AF40CF6982ADB8C'
|
|
- 'C9B49B52B493B53CD49C12C3FA9553E57C5394555B64E32D1208F5B96A5B8C6E'
|
|
- '3EC5AD51E6879464DFBCCB9F4ED76C6325056A42548D5994BA869DA9C4C039A8'
|
|
- '47EAEBC920CCF99E09FC9924FEB6B19B8A28589F52783327067C9B09754B5E84'
|
|
# The list below is from https://github.com/jbaines-r7/dellicious and https://www.rapid7.com/blog/post/2021/12/13/driver-based-attacks-past-and-present/
|
|
- '80599708ce61ec5d6dcfc5977208a2a0be2252820a88d9ba260d8cdf5dc7fbe4'
|
|
- '9091e044273ff624585235ac885eb2b05dfb12f3022dcf535b178ff1b2e012d1'
|
|
- '01aa278b07b58dc46c84bd0b1b5c8e9ee4e62ea0bf7a695862444af32e87f1fd'
|
|
- 'ddbf5ecca5c8086afde1fb4f551e9e6400e94f4428fe7fb5559da5cffa654cc1'
|
|
- '0296e2ce999e67c76352613a718e11516fe1b0efc3ffdb8918fc999dd76a73a5'
|
|
- 'ded2927f9a4e64eefd09d0caba78e94f309e3a6292841ae81d5528cab109f95d'
|
|
- '41cceace9751dce2b6ecaedc9a2d374fbb6458cf93b00a1dcd634ad0bc54ef89'
|
|
- '58a74dceb2022cd8a358b92acd1b48a5e01c524c3b0195d7033e4bd55eff4495'
|
|
- '11bd2c9f9e2397c9a16e0990e4ed2cf0679498fe0fd418a3dfdac60b5c160ee5'
|
|
- 'cf3a7d4285d65bf8688215407bce1b51d7c6b22497f09021f0fce31cbeb78986'
|
|
- '31f4cfb4c71da44120752721103a16512444c13c2ac2d857a7e6f13cb679b427'
|
|
- '22be050955347661685a4343c51f11c7811674e030386d2264cd12ecbf544b7c'
|
|
- '70211a3f90376bbc61f49c22a63075d1d4ddd53f0aefa976216c46e6ba39a9f4'
|
|
- '1aaf4c1e3cb6774857e2eef27c17e68dc1ae577112e4769665f516c2e8c4e27b'
|
|
- 'e6056443537d4d2314dabca1b9168f1eaaf17a14eb41f6f5741b6b82b3119790'
|
|
- '76660e91f1ff3cb89630df5af4fe09de6098d09baa66b1a130c89c3c5edd5b22'
|
|
- '6c7120e40fc850e4715058b233f5ad4527d1084a909114fd6a36b7b7573c4a44'
|
|
- '2e6b339597a89e875f175023ed952aaac64e9d20d457bbc07acf1586e7fe2df8'
|
|
- '71fe5af0f1564dc187eea8d59c0fbc897712afa07d18316d2080330ba17cf009'
|
|
- '39937d239220c1b779d7d55613de2c0a48bd6e12e0214da4c65992b96cf591df'
|
|
- '7ed26a593524a2a92ffcfb075a42bb4fa4775ffbf83af98525244a4710886ead'
|
|
- 'aa717e9ab4d614497df19f602d289a6eddcdba8027c71bcc807780a219347d16'
|
|
- 'ff5f6048a3d6f6738b60e911e3876fcbdc9a02ec9862f909345c8a50fd4cc0a7'
|
|
# The list below is from https://gist.github.com/k4nfr3/af970e7facb09195e56f2112e1c9549c
|
|
- '952199C28332BC90CFD74530A77EE237967ED32B3C71322559C59F7A42187DC4'
|
|
- '9529EFB1837B1005E5E8F477773752078E0A46500C748BC30C9B5084D04082E6'
|
|
- 'A7B000ABBCC344444A9B00CFADE7AA22AB92CE0CADEC196C30EB1851AE4FA062'
|
|
- '4429f32db1cc70567919d7d47b844a91cf1329a6cd116f582305f3b7b60cd60b'
|
|
- '01e024cb14b34b6d525c642a710bfa14497ea20fd287c39ba404b10a8b143ece'
|
|
- '9fc29480407e5179aa8ea41682409b4ea33f1a42026277613d6484e5419de374'
|
|
- '06bda5a1594f7121acd2efe38ccb617fbc078bb9a70b665a5f5efd70e3013f50'
|
|
- 'cbb8239a765bf5b2c1b6a5c8832d2cab8fef5deacadfb65d8ed43ef56d291ab6'
|
|
- 'd205286bffdf09bc033c09e95c519c1c267b40c2ee8bab703c6a2d86741ccd3e'
|
|
# https://github.com/eclypsium/Screwed-Drivers/blob/master/DRIVERS.md
|
|
- 'a7c2e7910942dd5e43e2f4eb159bcd2b4e71366e34a68109548b9fb12ac0f7cc'
|
|
- '2003b478b9fd1b3d76ec5bf4172c2e8915babbbee7ad1783794acbf8d4c2519d'
|
|
- 'f929bead59e9424ab90427b379dcdd63fbfe0c4fb5e1792e3a1685541cd5ec65'
|
|
- '59626cac380d8fe0b80a6d4c4406d62ba0683a2f0f68d50ad506ca1b1cf25347'
|
|
- '552f70374715e70c4ade591d65177be2539ec60f751223680dfaccb9e0be0ed9'
|
|
- '86a8e0aa29a5b52c84921188cc1f0eca9a7904dcfe09544602933d8377720219'
|
|
- '1d0397c263d51e9fc95bcc8baf98d1a853e1c0401cd0e27c7bf5da3fba1c93a8'
|
|
- '60c6f4f34c7319cb3f9ca682e59d92711a05a2688badbae4891b1303cd384813'
|
|
- '55fee54c0d0d873724864dc0b2a10b38b7f40300ee9cae4d9baaf8a202c4049a'
|
|
- '42f0b036687cbd7717c9efed6991c00d4e3e7b032dc965a2556c02177dfdad0f'
|
|
- 'bb1135b51acca8348d285dc5461d10e8f57260e7d0c8cc4a092734d53fc40cbc'
|
|
- 'b179e1ab6dc0b1aee783adbcad4ad6bb75a8a64cb798f30c0dd2ee8aaf43e6de'
|
|
- '314384b40626800b1cde6fbc51ebc7d13e91398be2688c2a58354aa08d00b073'
|
|
- '65db1b259e305a52042e07e111f4fa4af16542c8bacd33655f753ef642228890'
|
|
- '19a212e6fc324f4cb9ee5eba60f5c1fc0191799a4432265cbeaa3307c76a7fc0'
|
|
- 'a7c8f4faf3cbb088cac7753d81f8ec4c38ccb97cd9da817741f49272e8d01200'
|
|
- '677c0b1add3990fad51f492553d3533115c50a242a919437ccb145943011d2bf'
|
|
- 'fc22977ff721b3d718b71c42440ee2d8a144f3fbc7755e4331ddd5bcc65158d2'
|
|
- 'ad40e6d0f77c0e579fb87c5106bf6de3d1a9f30ee2fbf8c9c011f377fa05f173'
|
|
- '18e1707b319c279c7e0204074088cc39286007a1cf6cb6e269d5067d8d0628c6'
|
|
- 'c9cf1d627078f63a36bbde364cd0d5f2be1714124d186c06db5bcdf549a109f8'
|
|
- 'afdd66562dea51001c3a9de300f91fc3eb965d6848dfce92ccb9b75853e02508'
|
|
- 'a899b659b08fbae30b182443be8ffb6a6471c1d0497b52293061754886a937a3'
|
|
- '1963d5a0e512b72353953aadbe694f73a9a576f0241a988378fa40bf574eda52'
|
|
- '7133a461aeb03b4d69d43f3d26cd1a9e3ee01694e97a0645a3d8aa1a44c39129'
|
|
- '32e1a8513eee746d17eb5402fb9d8ff9507fb6e1238e7ff06f7a5c50ff3df993'
|
|
- '082c39fe2e3217004206535e271ebd45c11eb072efde4cc9885b25ba5c39f91d'
|
|
- '65329dad28e92f4bcc64de15c552b6ef424494028b18875b7dba840053bc0cdd'
|
|
- 'f8430bdc6fd01f42217d66d87a3ef6f66cb2700ebb39c4f25c8b851858cc4b35'
|
|
- '9f1229cd8dd9092c27a01f5d56e3c0d59c2bb9f0139abf042e56f343637fda33'
|
|
- 'b03f26009de2e8eabfcf6152f49b02a55c5e5d0f73e01d48f5a745f93ce93a29'
|
|
# The list below is derived from the ELASTIC yara rules https://github.com/elastic/protections-artifacts/search?q=VulnDriver
|
|
# These are the hashes mentioned in the "reference_sample" section that ELASTIC used to create their rules
|
|
- '3943a796cc7c5352aa57ccf544295bfd6fb69aae147bc8235a00202dc6ed6838'
|
|
- '3c5bf92c26398695f9ced7ce647a7e9f6ddcc89eea66b45aa3607196a187431b'
|
|
- '478917514be37b32d5ccf76e4009f6f952f39f5553953544f1b0688befd95e82'
|
|
- '4ed2d2c1b00e87b926fb58b4ea43d2db35e5912975f4400aa7bd9f8c239d08b7'
|
|
- 'b205835b818d8a50903cf76936fcf8160060762725bd74a523320cfbd091c038'
|
|
- 'ab8f2217e59319b88080e052782e559a706fa4fb7b8b708f709ff3617124da89'
|
|
- '73327429c505d8c5fd690a8ec019ed4fd5a726b607cabe71509111c7bfe9fc7e'
|
|
- '87e38e7aeaaaa96efe1a74f59fca8371de93544b7af22862eb0e574cec49c7c3'
|
|
- '2270a8144dabaf159c2888519b11b61e5e13acdaa997820c09798137bded3dd6'
|
|
- '43ba8d96d5e8e54cab59d82d495eeca730eeb16e4743ed134cdd495c51a4fc89'
|
|
- 'e1980c6592e6d2d92c1a65acad8f1071b6a404097bb6fcce494f3c8ac31385cf'
|
|
- '1dadd707c55413a16320dc70d2ca7784b94c6658331a753b3424ae696c5d93ea'
|
|
- 'd84e3e250a86227c64a96f6d5ac2b447674ba93d399160850acb2339da43eae5'
|
|
- '5ae23f1fcf3fb735fcf1fa27f27e610d9945d668a149c7b7b0c84ffd6409d99a'
|
|
- '0f726d8ce21c0c9e01ebe6b55913c519ad6086bcaec1a89f8308f3effacd435f'
|
|
- '95d50c69cdbf10c9c9d61e64fe864ac91e6f6caa637d128eb20e1d3510e776d3'
|
|
- '0e14a4401011a9f4e444028ac5b1595da34bbbf9af04a00670f15ff839734003'
|
|
- '26c86227d3f387897c1efd77dc711eef748eb90be84149cb306e3d4c45cc71c7'
|
|
- '42d926cfb3794f9b1e3cb397498696cb687f505e15feb9df11b419c49c9af498'
|
|
- '1684e24dae20ab83ab5462aa1ff6473110ec53f52a32cfb8c1fe95a2642c6d22'
|
|
- '9b6a84f7c40ea51c38cc4d2e93efb3375e9d98d4894a85941190d94fbe73a4e4'
|
|
- '440883cd9d6a76db5e53517d0ec7fe13d5a50d2f6a7f91ecfc863bc3490e4f5c'
|
|
- 'e05eeb2b8c18ad2cb2d1038c043d770a0d51b96b748bc34be3e7fc6f3790ce53'
|
|
- '3a364a7a3f6c0f2f925a060e84fb18b16c118125165b5ea6c94363221dc1b6de'
|
|
- 'fda506e2aa85dc41a4cbc23d3ecc71ab34e06f1def736e58862dc449acbc2330'
|
|
- '3ac5e01689a3d745e60925bc7faca8d4306ae693e803b5e19c94906dc30add46'
|
|
- '175eed7a4c6de9c3156c7ae16ae85c554959ec350f1c8aaa6dfe8c7e99de3347'
|
|
- '8596ea3952d84eeef8f5dc5b0b83014feb101ec295b2d80910f21508a95aa026'
|
|
- '52a90fd1546c068b92add52c29fbb8a87d472a57e609146bbcb34862f9dcec15'
|
|
- '543991ca8d1c65113dff039b85ae3f9a87f503daec30f46929fd454bc57e5a91'
|
|
- 'e75714f8e0ff45605f6fc7689a1a89c7dcd34aab66c6131c63fefaca584539cf'
|
|
- '1aaa9aef39cb3c0a854ecb4ca7d3b213458f302025e0ec5bfbdef973cca9111c'
|
|
- 'cc687fe3741bbde1dd142eac0ef59fd1d4457daee43cdde23bb162ef28d04e64'
|
|
- '3ed15a390d8dfbd8a8fb99e8367e19bfd1cced0e629dfe43ccdb46c863394b59'
|
|
- '8c95d28270a4a314299cf50f05dcbe63033b2a555195d2ad2f678e09e00393e6'
|
|
- 'eea53103e7a5a55dc1df79797395a2a3e96123ebd71cdd2db4b1be80e7b3f02b'
|
|
- '37c637a74bf20d7630281581a8fae124200920df11ad7cd68c14c26cc12c5ec9'
|
|
- '32cccc4f249499061c0afa18f534c825d01034a1f6815f5506bf4c4ff55d1351'
|
|
- 'c5050a2017490fff7aa53c73755982b339ddb0fd7cef2cde32c81bc9834331c5'
|
|
- 'ff803017d1acafde6149fe7d463aee23b1c4f6f3b97c698c05f3ca6f07e4df6c'
|
|
- '000547560fea0dd4b477eb28bf781ea67bf83c748945ce8923f90fdd14eb7a4b'
|
|
- '0af5ccb3d33a9ba92071c9637be6254030d61998733a5eb3583e865e17844e05'
|
|
- 'a13054f349b7baa8c8a3fcbd31789807a493cc52224bbff5e412eb2bd52a6433'
|
|
# https://www.unknowncheats.me/forum/anti-cheat-bypass/334557-vulnerable-driver-megathread.html
|
|
- 'da6ca1fb539f825ca0f012ed6976baf57ef9c70143b7a1e88b4650bf7a925e24'
|
|
- '9c2977d63faa340b03e1bbfb8a6db19c0adfa60ff6579b888ece10022c94c3ec' #ATSZIO.sys
|
|
- '771a8d05f1af6214e0ef0886662be500ee910ab99f0154227067fddcfe08a3dd' #Driver7
|
|
- '927c2a580d51a598177fa54c65e9d2610f5f212f1b6cb2fbf2740b64368f010a'
|
|
- '42851a01469ba97cdc38939b10cf9ea13237aa1f6c37b1ac84904c5a12a81fa0'
|
|
- 'e6db8a1c9d82d18b948c7135439fdeaa9bc02ea97509e3534de65e5481489220'
|
|
- '1062211314088012edb9fe65780e35e7b3144ac45021269fc993ef2931c8584b'
|
|
- '029dbf6d8dc920a32b3c7a2057513d3741b20b7f6e7aa23b113859a8049214df'
|
|
- '1d053020079124ac526d84affb17bf4a1563ecd872c83b4b6299c9aa6a732557'
|
|
- 'c059f1b2b73ecab48d62f469d48dbde74a80c4ada07f0bd3b417ec4e044fb522'
|
|
- 'a66d2fb7ef7350ea74d4290c57fb62bc59c6ea93f759d4ca93c3febca7aeb512'
|
|
# Vuln driver version obtained from: https://www.zscaler.com/blogs/security-research/technical-analysis-windows-clfs-zero-day-vulnerability-cve-2022-37969-part
|
|
# Version hash obtained from: https://winbindex.m417z.com/?arch=&file=clfs.sys
|
|
- '5d712d3fad791bdc67502ed7c6586ca39d12ae26c7b245c36effec92e3cda08e'
|
|
# Powertool Drivers obtained from VT by pivoting on the Imphash: f5030145594c486434040aa2636a5dde
|
|
- 'e61004335dfe7349f2b2252baa1e111fb47c0f2d6c78a060502b6fcc92f801e4'
|
|
- '7c0f77d103015fc29379ba75d133dc3450d557b0ba1f7495c6b43447abdae230'
|
|
- '97363f377aaf3c01641ac04a15714acbec978afb1219ac8f22c7e5df7f2b2d56'
|
|
- '8e6363a6393eb4234667c6f614b2072e33512866b3204f8395bbe01530d63f2f'
|
|
- '09b0e07af8b17db1d896b78da4dd3f55db76738ee1f4ced083a97d737334a184'
|
|
- '2a4f4400402cdc475d39389645ca825bb0e775c3ecb7c527e30c5be44e24af7d'
|
|
# Vuln Intel Driver CVE-2015-2291
|
|
- '5f69d6b167a1eeca3f6ac64785c3c01976ee7303171faf998d65852056988683'
|
|
- 'f877296e8506e6a1acbdacdc5085b18c6842320a2775a329d286bac796f08d54'
|
|
- '2d2c7ee9547738a8a676ab785c151e8b48ed40fe7cf6174650814c7f5f58513b'
|
|
- '1ae328c88cf49072c125f41b16c2a2063203b21164245e2850ca491bdd4a522e'
|
|
- '84b4e202c6ce1b08cda1b5e7cd3c3b073155120d80141b2055a1a98a4a18dc42'
|
|
- '0ea78cb430fbf8ef4c9f3d1eadf2b057939081b1367bc6610e918fa3c6d8920c'
|
|
- 'a2571531c6b384003bad06003be01e75fcd489b7b2d04c3d072b10f08f50b33b'
|
|
- '4d07f9ecd2540218194874427155a4dc82613574672b55257a321f80e7c9f219'
|
|
- '6d14ae56e140c02f5d1e6df5351b87ac0f4b7e9dc5a3d778a1e399cb7878802a'
|
|
- 'c4310708ee81058286be30db1b1d93deab62a37eaa7974750a7ffbe798eed747'
|
|
- 'd3d88be19bbb889af859c6189b0750a4e527891f95b0dd2e33cb987ec9784f34'
|
|
- '3313e8d7f276a48fbc9cbdb5bcd013fd79a674da6638327c6342a5c5a3bfa893'
|
|
condition: 1 of selection*
|
|
falsepositives:
|
|
- Unknown
|
|
level: high
|