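// Detects the string-decryption routine of the UNC1860 CRYPTOSLAY (.NET) malware.
// The three meta string literals were split across two lines each in the
// original listing, which is a syntax error in YARA (quoted strings cannot span
// lines); they are rejoined here, otherwise the rule is unchanged.
rule M_APT_CRYPTOSLAY_UNC1860_1 {
	meta:
		desc = "Detects the UNC1860 CRYPTOSLAY malware by its string decryption method"
		// rs1/rs2: 64 hex characters each (SHA-256 length); presumably the reference
		// samples the patterns were extracted from -- confirm against the source report.
		rs1 = "3F2FD2DFD27BF3CAFCBF0946E308832E11A1D9C1D98FB04AC848E023E6720F53"
		rs2 = "5c1a42e9baaec115df337d2f4a9dcce8d73f29375921827e367fcba8499cdfa2"
	strings:
		// Both patterns are MSIL (CIL) opcode sequences, long-form locals/args:
		// FE 09 = ldarg, FE 0E = stloc, FE 0C = ldloc, 20 xx xx xx xx = ldc.i4,
		// 5B = div, 8D = newarr, 6F = callvirt, 28 = call, 9C = stelem.i1, 58 = add.
		// The ?? wildcards sit on the low byte of the 0x0A (MemberRef) and
		// 0x01 (TypeRef) metadata tokens, which are likely to differ per build.
		// The shape -- length / 2, new array, loop stepping by 2 with a call that
		// takes the constant 16 -- is consistent with a hex-string-to-bytes helper;
		// verify in a decompiler before relying on that reading. Because such a
		// helper is fairly generic, expect occasional hits on benign .NET
		// assemblies and treat a match as a triage signal rather than a verdict.
		$a1 = { FE 09 00 00 6F ?? 00 00 0A FE 0E 00 00 FE 0C 00 00 20 02 00 00 00 5B 8D ?? 00 00 01 FE 0E 01 00 20 00 00 00 00 FE 0E 04 00 38 39 00 00 00 FE 0C 01 00 FE 0C 04 00 20 02 00 00 00 5B FE 09 00 00 FE 0C 04 00 20 02 00 00 00 6F ?? 00 00 0A 20 10 00 00 00 28 ?? 00 00 0A 9C FE 0C 04 00 20 02 00 00 00 58 FE 0E 04 00 FE 0C 04 00 FE 0C 00 00 3F BA FF FF FF 28 ?? 00 00 0A }
		// Same routine with different local slots (04 -> 06) and a clt/stloc/ldloc/brtrue
		// loop exit (FE 04 ... 3A) instead of a direct blt (3F) -- probably a different
		// compilation (e.g. Debug vs Release) of the same method; not confirmed.
		$a2 = { FE 09 00 00 6F ?? 00 00 0A FE 0E 00 00 FE 0C 00 00 20 02 00 00 00 5B 8D ?? 00 00 01 FE 0E 01 00 20 00 00 00 00 FE 0E 06 00 38 39 00 00 00 FE 0C 01 00 FE 0C 06 00 20 02 00 00 00 5B FE 09 00 00 FE 0C 06 00 20 02 00 00 00 6F ?? 00 00 0A 20 10 00 00 00 28 ?? 00 00 0A 9C FE 0C 06 00 20 02 00 00 00 58 FE 0E 06 00 FE 0C 06 00 FE 0C 00 00 FE 04 FE 0E 07 00 FE 0C 07 00 3A B0 FF FF FF }
	condition:
		// 0x5A4D is "MZ" read little-endian: only PE images are scanned for the
		// opcode sequences, which keeps the wildcarded patterns from firing on
		// arbitrary data. Either sequence alone is sufficient.
		uint16(0) == 0x5A4D and any of them
}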
Details Published Attributes CTI Title
Details Website 2024-09-19 26 UNC1860 and the Temple of Oats: Iran’s Hidden Hand in Middle Eastern Networks | Google Cloud Blog