Common Information
Type Value
Value
rule CryptographyFunction {
	meta:
		author = "CISA trusted 3rd party"
		incident = "10271944.r1.v1"
		date = "2019-12-25"
		category = "Hidden_Cobra"
		family = "HOTCROISSANT"
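	strings:
		// Hex pattern with bounded jumps ([n-m] = n to m arbitrary bytes) between fixed bytes.
		// Read as x86 opcodes, the fixed bytes are moves (8A, 88, 8B), LEA (8D), XOR (32, 33),
		// AND (22), OR (0B) and the shift/rotate group (C1).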
		$ALGO_crypto_1 = { 8A [1-5] 32 [1-4] 32 [1-4] 32 [1-4] 88 [1-5] 8A [1-4] 32 [1-4] 22 [1-4] 8B [1-5] 8D [3-7] 33 [1-4] 81 [3-7] C1 [1-5] C1 [1-5] 0B [1-4] 8D [1-5] 33 [1-4] 22 [1-4] C1 [1-5] 33 [1-4] 32 [1-4] 8B [1-4] 83 [1-5] C1 [1-5] 33 [1-4] C1 [1-5] C1 }
	condition:
		// 0x5A4D read little-endian at offset 0 is the "MZ" magic, so only MZ/PE files are evaluated.
		uint16(0) == 0x5A4D and any of them
}
Category
Type Yara Rule
Misp Type
Description
Details Published Attributes CTI Title
Details Website 2020-02-14 20 MAR-10271944-1.v1 – North Korean Trojan: HOTCROISSANT | CISA
Details Website 2020-02-14 25 MAR-10265965-1.v1 – North Korean Trojan: BISTROMATH | CISA