Common Information
| Type | Value |
|---|---|
| Value |
rule crypt_constants_2 {
meta:
Author = "NCCIC trusted 3rd party"
Incident = "10135536"
Date = "2018/04/19"
category = "hidden_cobra"
family = "n/a"
description = "n/a"
strings:
$ = { EF CD AB 90 }
$ = { 55 84 26 FE }
$ = { 78 56 B4 C2 }
condition:
(uint16(0) == 0x5A4D and uint16(uint32(0x3c)) == 0x4550) and all of them
}
|
| Category | |
| Type | Yara Rule |
| Misp Type | |
| Description |