ioc[.]one - OSINT Cyber Threat Intelligence Database

Show in Graph

Common Information

Type	Value
Value	rule M_APT_Loader_Win_LIDSHIFT_1 { meta: author = "Mandiant" description = "Detects LIDSHIFT implant" strings: $anchor1 = "%s:%s:%s" $encloop = { 83 ?? 3F 72 ?? EB ?? 8D ?? ?? B8 ?? 41 10 04 F7 ?? 8B ?? 2B ?? D1 ?? 03 ?? C1 ?? 05 6B ?? 3F 2B ?? 42 0F ?? ?? ?? 41 ?? ?? } condition: uint16(0) == 0x5a4d and all of them }
Category
Type	Yara Rule
Misp Type
Description

Details		Published	Attributes	CTI		Title
Details	Website	2023-03-09	86			Stealing the LIGHTSHOW (Part One) — North Korea's UNC2970 \| Mandiant