Common Information
Value:
rule enc_PK_header {
	meta:
		author = "NCCIC trusted 3rd party"
		incident = "10135536"
		date = "2018-04-12"
		category = "hidden_cobra"
		family = "TYPEFRAME"
		hash0 = "3229a6cea658b1b3ca5ca9ad7b40d8d4"
	strings:
		$s0 = { 5F A8 80 C5 A0 87 C7 F0 9E E6 }
		$s1 = { 95 F1 6E 9C 3F C1 2C 88 A0 5A }
		$s2 = { AE 1D AF 74 C0 F5 E1 02 50 10 }
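	condition:
		// PE files only: "MZ" magic at offset 0 and "PE" signature at the
		// e_lfanew offset read from 0x3c, containing any of the byte patterns
		(uint16(0) == 0x5A4D and uint16(uint32(0x3c)) == 0x4550) and any of them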
}
Category:
Type: Yara Rule
Misp Type:
Description:
Details Published Attributes CTI Title
Details Website 2018-06-14 63 MAR-10135536-12 – North Korean Trojan: TYPEFRAME | CISA