Common Information
Type Value
Value
// Flags PE files whose code assembles one fixed 16-byte constant using
// back-to-back immediate store instructions.
// The constant, in store order: 79 E1 0A 5D 87 7D 9F F7 5D 12 2E 11 65 AC E3 25
// The rule tag (rc4_key_2) suggests this constant is an RC4 key; the rule body
// does not state its purpose. Confirm against the originating report.
// NOTE(review): Family and Description are "n/a" in meta, so a hit identifies
// the incident/actor attribution only, not a named malware family.
rule CISA_3P_10135536_02 : rc4_key_2 {
	meta:
		Author = "CISA Trusted Third Party"
		Incident = "10135536"
		Date = "2018-04-19"
		Actor = "Hidden Cobra"
		Category = "n/a"
		Family = "n/a"
		Description = "n/a"
	strings:
		// $s1: sixteen consecutive "C6 ?? ?? <imm8>" groups. On x86, opcode C6 is
		// MOV r/m8, imm8, so this reads as the constant being written one byte
		// at a time. The two wildcards leave room for a ModRM byte plus a
		// one-byte displacement.
		// NOTE(review): an encoding that needs a SIB byte or a 32-bit
		// displacement puts more than two bytes between opcode and immediate
		// and would not match. Confirm coverage against known samples.
		$s1 = { C6 ?? ?? 79 C6 ?? ?? E1 C6 ?? ?? 0A C6 ?? ?? 5D C6 ?? ?? 87 C6 ?? ?? 7D C6 ?? ?? 9F C6 ?? ?? F7 C6 ?? ?? 5D C6 ?? ?? 12 C6 ?? ?? 2E C6 ?? ?? 11 C6 ?? ?? 65 C6 ?? ?? AC C6 ?? ?? E3 C6 ?? ?? 25 }
		// $s2: the same 16 bytes in the same order, written four at a time as
		// four consecutive "C7 ?? ?? <imm32>" groups (opcode C7 is
		// MOV r/m32, imm32).
		// Neither pattern contains jumps/gaps, so the stores must be adjacent;
		// a build that interleaves other instructions between them is missed.
		$s2 = { C7 ?? ?? 79 E1 0A 5D C7 ?? ?? 87 7D 9F F7 C7 ?? ?? 5D 12 2E 11 C7 ?? ?? 65 AC E3 25 }
	condition:
		// PE gate: "MZ" (0x5A4D) at offset 0, then "PE" (0x4550) at the offset
		// stored in the 32-bit field at 0x3C (e_lfanew). Only the first two
		// bytes of the PE signature are compared. Either string is enough.
		// NOTE(review): because offset 0 must hold the MZ header, this is
		// written for scanning whole files; it will likely not fire on carved
		// buffers or memory regions that do not start at the image header.
		// Verify before relying on it there.
		(uint16(0) == 0x5A4D and uint16(uint32(0x3c)) == 0x4550) and any of them
}
Category
Type Yara Rule
Misp Type
Description
Details Published Attributes CTI Title
Details Website 2020-05-12 18 MAR-10288834-3.v1 – North Korean Trojan: PEBBLEDASH | CISA