Common Information
Type Value
Value
// Hunting rule (author field: Mandiant) for 3CX desktop app MSI installers.
// It matches a file only when the header magic, the size window and all six
// strings below are present together, so it is scoped tightly to installers
// resembling the referenced samples. A non-match is not evidence that an
// installer is clean.
rule M_Hunting_MSI_Installer_3CX_1 {
	meta:
		author = "Mandiant"
		// Two reference-sample MD5 values in one comma-separated string; tooling
		// that reads this field as a single hash has to split it first.
		md5 = "0eeb1c0133eb4d571178b2d9d14ce3e9, f3d4144860ca10ba60f7ef4d176cc736"
	strings:
		// $ss1-$ss3 each start with 20 00 and then spell an ASCII name:
		// "_d3dcompiler_47.dll_"
		$ss1 = { 20 00 5F 64 33 64 63 6F 6D 70 69 6C 65 72 5F 34 37 2E 64 6C 6C 5F }
		// "_3CXDesktopApp."
		$ss2 = { 20 00 5F 33 43 58 44 65 73 6B 74 6F 70 41 70 70 2E }
		// "_ffmpeg.dll_"
		$ss3 = { 20 00 5F 66 66 6D 70 65 67 2E 64 6C 6C 5F }
		// Plain text string with no modifiers, so it is matched as case-sensitive ASCII.
		// NOTE(review): presumably the signer organization name as stored in the
		// embedded signing certificate - confirm against a sample.
		$ss4 = "3CX Ltd1"
		// 16 raw bytes. NOTE(review): looks like a certificate serial number or
		// similar signature-related value; the page does not say - confirm.
		$sc1 = { 1B 66 11 DF 9C 9A 4D 6E CC 8E D5 0C 9B 91 78 73 }
		// NOTE(review): presumably a year-month prefix (2023-03) of a timestamp
		// inside the file - confirm. On its own this string is very generic; it
		// is only meaningful combined with the other conditions.
		$sc2 = "202303"
	condition:
		// uint32(0) reads the first four bytes little-endian: D0 CF 11 E0, the OLE
		// compound file header used by MSI packages. The size bounds are exclusive
		// (MB = 1048576 bytes), and "all of them" requires every string above.
		(uint32(0) == 0xE011CFD0) and filesize > 90MB and filesize < 105MB and all of them
}
Category
Type Yara Rule
Misp Type
Description
Details Published Attributes CTI Title
Details Website 2023-04-20 72 3CX Software Supply Chain Compromise Initiated by a Prior Software Supply Chain Compromise; Suspected North Korean Actor Responsible | Mandiant