import "hash"

// Detects the SharpC2 client assembly (SharpC2.dll), a Blazor/.NET 7 WinUI
// application, either by exact SHA-256 of the reference sample or by a cluster
// of compiler-generated state-machine type names that are specific to its
// ReversePortForward / hosted-file / web-log components.
rule SharpC2Dll {
	meta:
		description = "SharpC2 - SharpC2.dll"
		sha256 = "ce0fe31e5c1fe918f766ab2e83daaac9e58cce3972c0872f8d1b2de03417528f"
	strings:
		// Assembly name as stored in the PE version/resource data (UTF-16).
		$name_dll = "SharpC2.dll" wide fullword

		// Async state-machine names from the pivots UI. The leading character
		// (e.g. 'R' = 0x52 = 82, the length of the name that follows) is the
		// .NET metadata length prefix, not junk: it is part of the matched
		// bytes and stays stable only while the type name keeps its length.
		$rpf_created = "RClient.Components.Pivots.ReversePortForwardTable+<OnReversePortForwardCreated>d__7" ascii fullword
		$rpf_add = "AClient.Components.Pivots.ReversePortForwardTable+<AddForward>d__5" ascii fullword
		$rpf_deleted = "RClient.Components.Pivots.ReversePortForwardTable+<OnReversePortForwardDeleted>d__6" ascii fullword
		$rpf_delete = "DClient.Components.Pivots.ReversePortForwardTable+<DeleteForward>d__9" ascii fullword
		$rpf_open_create = "HClient.Components.Pivots.ReversePortForwardTable+<OpenCreateForward>d__8" ascii fullword
		$rpf_init = "IClient.Components.Pivots.ReversePortForwardTable+<OnInitializedAsync>d__4" ascii fullword
		$rpf_create_init = "KClient.Components.Pivots.CreateReversePortForward+<OnInitializedAsync>d__12" ascii fullword

		// Blazor-generated component type names.
		$blazor_proclist = "__Blazor.Client.Components.Tasks.ProcessListing" ascii fullword
		$blazor_create_rpf = "__Blazor.Client.Components.Pivots.CreateReversePortForward" ascii fullword
		$blazor_rpf_table = "__Blazor.Client.Components.Pivots.ReversePortForwardTable" ascii fullword

		// Build artefact: PDB path left in the debug directory. Strong but
		// trivially removed by rebuilding with symbols stripped.
		$pdb_path = "C:\\Tools\\SharpC2\\Client\\obj\\Release\\net7.0-windows10.0.19041.0\\win10-x64\\SharpC2.pdb" ascii fullword

		// Handler / API / event state machines.
		$hostfile_upload = "7Client.Components.Handlers.HostAFile+<UploadFiles>d__22" ascii fullword
		$http_open_hostfile = ";Client.Components.Handlers.HttpHandlers+<OpenHostFile>d__10" ascii fullword
		$api_hosted_files = "0Client.Services.SharpC2Api+<GetHostedFiles>d__26" ascii fullword
		$api_rpf_list = "8Client.Services.SharpC2Api+<GetReversePortForwards>d__42" ascii fullword
		$api_rpf_get = "7Client.Services.SharpC2Api+<GetReversePortForward>d__43" ascii fullword
		$weblogs_init = "9Client.Components.Events.WebLogs+<OnInitializedAsync>d__3" ascii fullword

		// Low-specificity strings: common to many .NET / WinUI binaries and
		// only meaningful in combination with the names above.
		$shellcode = "SHELLCODE" wide fullword
		$winui_dll = "Microsoft.ui.xaml.dll" ascii fullword
		$memstream = "MemoryStream" ascii fullword
	condition:
		// Exact match on the reference sample, OR a PE (MZ) under 2000KB with
		// at least 8 of the 21 strings. Parentheses make the and/or precedence
		// explicit; the logic is unchanged.
		// NOTE(review): hash.sha256(0, filesize) is computed for every scanned
		// file that fails the second clause, which is costly on large corpora;
		// gate it on a cheap check if scan time matters.
		hash.sha256(0, filesize) == "ce0fe31e5c1fe918f766ab2e83daaac9e58cce3972c0872f8d1b2de03417528f"
		or (
			uint16(0) == 0x5a4d
			and filesize < 2000KB
			and 8 of them
		)
}
Details Website 2024-08-02 396 Resecurity | C2 Frameworks - Threat Hunting in Action with YARA Rules