Common Information
Type Value
Value
// Signature for the BLINDINGCAN remote access trojan, as published under
// CISA incident 10295134. Both patterns look for machine code that writes
// the same 16 bytes onto the stack as four consecutive 32-bit immediates.
//
// Those 16 bytes (0D 06 09 2A 86 48 86 F7 0D 01 01 01 05 00 03 82) are a DER
// fragment: a length byte, the OID 1.2.840.113549.1.1.1 (rsaEncryption), an
// ASN.1 NULL, and the start of a BIT STRING with a two-byte length. That is
// the tail of the header that precedes an RSA public key in
// SubjectPublicKeyInfo form.
//
// NOTE(review): the condition has no file-type or file-size constraint, so
// the rule fires on any scanned buffer containing either byte sequence
// (files on disk, memory images, carved data). Building this DER header on
// the stack is not inherently malicious and could plausibly occur in
// unrelated software; treat a hit as a lead and corroborate it against the
// sample hashes in `meta` and the other indicators in the CISA report.
rule CISA_10295134_01 : rat trojan HIDDENCOBRA BLINDINGCAN {
	meta:
		// Metadata is descriptive only; YARA does not evaluate it when matching.
		Author = "CISA Code & Media Analysis"
		Incident = "10295134"
		Date = "2020-07-28"
		Last_Modified = "20200730_1030"
		Actor = "HiddenCobra"
		Category = "Trojan RAT"
		Family = "BLINDINGCAN"
		Description = "Detects 32 and 64bit HiddenCobra BlindingCan Trojan RAT"
		// Hashes of two reference samples; usable for exact-match confirmation
		// of a hit, not for matching by this rule.
		MD5_1 = "e7718609577c6e34221b03de7e959a8c"
		SHA256_1 = "bdfd16dc53f5c63da0b68df71c6e61bad300e59fd5748991a6b6a3650f01f9a1"
		MD5_2 = "6c2d15114ebdd910a336b6b147512a74"
		SHA256_2 = "58027c80c6502327863ddca28c31d352e5707f5903340b9e6ccc0997fcb9631d"
	strings:
		// Four `C7 44 24 <disp8> <imm32>` stores (mov dword ptr [sp+disp8], imm32)
		// at stack-pointer offsets 0x20, 0x24, 0x28 and 0x2C.
		// Presumably the 64-bit build's form of the sequence; confirm against the samples.
		$s0 = { C7 44 24 20 0D 06 09 2A C7 44 24 24 86 48 86 F7 C7 44 24 28 0D 01 01 01 C7 44 24 2C 05 00 03 82 }
		// Four `C7 45 <disp8> <imm32>` stores (mov dword ptr [bp+disp8], imm32)
		// at frame-pointer offsets -0x14, -0x10, -0x0C and -0x08, same immediates.
		// Presumably the 32-bit build's form of the sequence; confirm against the samples.
		$s1 = { C7 45 EC 0D 06 09 2A C7 45 F0 86 48 86 F7 C7 45 F4 0D 01 01 01 C7 45 F8 05 00 03 82 }
	condition:
		// Either encoding alone is sufficient for a match.
		$s0 or $s1
}
Category
Type Yara Rule
Misp Type
Description
Details Published Attributes CTI Title
Details Website 2020-08-19 80 MAR-10295134-1.v1 – North Korean Remote Access Trojan: BLINDINGCAN | CISA
Details Website 2020-08-19 68 MAR-10295134-1.v1 – North Korean Remote Access Trojan: BLINDINGCAN | CISA