Common Information
Value:
rule import_obfuscation_2 {
	meta:
		author = "NCCIC trusted 3rd party"
		incident = "10135536"
		date = "2018-04-12"
		category = "hidden_cobra"
		family = "TYPEFRAME"
		hash0 = "bfb41bc0c3856aa0a81a5256b7b8da51"
	strings:
		$s0 = { A6 D6 02 EB 4E B2 41 EB C3 EF 1F }
		$s1 = { B6 DF 01 FD 48 B5 }
		$s2 = { B6 D5 0E F3 4E B5 }
		$s3 = { B7 DF 0E EE }
		$s4 = { B6 DF 03 FC }
		$s5 = { A7 D3 03 FC }
	condition:
		(uint16(0) == 0x5A4D and uint16(uint32(0x3c)) == 0x4550) and all of them
}
Category:
Type: Yara Rule
Misp Type:
Description:

Details
Published: 2018-06-14
Attributes: 63
CTI: Website
Title: MAR-10135536-12 – North Korean Trojan: TYPEFRAME | CISA