ioc[.]one - OSINT Cyber Threat Intelligence Database

Show in Graph

Common Information

Type	Value
Value	rule BLACKMOON_BANKER { meta: author = "Proofpoint Staff" info = "blackmoon update" strings: $s1 = "BlackMoon RunTime Error:" ascii wide nocase $s2 = "\\system32\\rundll32.exe" ascii wide $s3 = "cmd.exe /c ipconfig /flushdns" ascii wide $s4 = "\\system32\\drivers\\etc\\hosts.ics" ascii wide condition: all of them }
Category
Type	Yara Rule
Misp Type
Description

Details		Published	Attributes	CTI		Title
Details	Website	2016-01-19	82			Updated Blackmoon banking Trojan stays focused on South Korean banking customers \| Proofpoint