// Detection rule for the BLISTER loader (Elastic Security, Aug 2023): matches
// two opcode sequences, and both must be present (`all of them`).
// NOTE(review): the patterns are full of REX prefixes (48 / 49 / 4C / 4D / 41),
// so they read as 64-bit code even though `arch = "x86"` — treat that meta
// field as the processor family, not the bitness, and confirm with the author.
rule Windows_Trojan_Blister {
	meta:
		author = "Elastic Security"
		creation_date = "2023-08-02"
		last_modified = "2023-08-08"
		os = "Windows"
		arch = "x86"
		category_type = "Trojan"
		family = "Blister"
		threat_name = "Windows.Trojan.Blister"
		license = "Elastic License v2"
	strings:
		// Identifier suggests the loader's XOR-decode loop (inferred from the name,
		// not provable from the bytes). Decoded as x86-64 the pattern opens with
		// mov rax,rbx / add rbx,r12 / and eax,3 / mov al,[rbp+rax+0x48]; `[2-3]`
		// skips two or three arbitrary bytes and each `??` is one wildcard byte,
		// which keeps the match stable across register-allocation changes.
		$b_loader_xor = { 48 8B C3 49 03 DC 83 E0 03 8A 44 05 48 [2-3] ?? 03 ?? 4D 2B ?? 75 }
		// Identifier suggests the call site that changes page protection; the
		// pattern contains `41 B9 04 00 00 00` (mov r9d, 4) and several lea/mov of
		// rbp-relative locals, but which API is actually called cannot be
		// determined from the bytes alone — verify against the referenced write-up.
		$b_loader_virtual_protect = { 48 8D 45 50 41 ?? ?? ?? ?? 00 4C 8D ?? 04 4C 89 ?? ?? 41 B9 04 00 00 00 4C 89 ?? F0 4C 8D 45 58 48 89 44 24 20 48 8D 55 F0 }
	condition:
		// Requires both sequences. There is no PE-header or filesize guard, so
		// nothing here restricts the rule to on-disk executables; it can also be
		// applied to memory regions holding the unpacked code.
		all of them
}
Type Yara Rule
Details Published Attributes CTI Title
Details Website 2023-08-24 2 Revisiting BLISTER: New development of the BLISTER loader — Elastic Security Labs