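rule BusyBuzzard_shellcode_loader_x64 {
	meta:
		author = "NCSC"
		// Joined into one line: a YARA string literal cannot span a line break,
		// so the wrapped form would not compile.
		description = "Detects code bytes used for resolving function addresses in the Busy Buzzard shellcode loader"
		date = "2022-03-25"
		hash1 = "8fd99d9066020003358aa3e23c9af3d4911ce979"
		hash2 = "266852db4ad2d293469515820fd5e7c228cd4b3e"
	strings:
		// 3D imm32 = cmp eax, imm32; the immediates are ASCII "getp" and "ddre",
		// i.e. 4-byte chunks of an export name. Likely a chunked, case-folded
		// comparison against "getprocaddress" while walking an export table.
		$ = { 3D 67 65 74 70 }
		$ = { 3D 64 64 72 65 }
		// C7 45 disp8 imm32 = mov dword [rbp+disp8], imm32: stack-string
		// construction, four ASCII characters per store. Consecutive slots
		// +0x50/+0x54/+0x58 hold "IsBa" "dRea" "dPtr" (IsBadReadPtr) ...
		$ = { C7 45 50 49 73 42 61 }
		$ = { C7 45 54 64 52 65 61 }
		$ = { C7 45 58 64 50 74 72 }
		// ... and +0x20/+0x24/+0x28 hold "Imag" "eRva" "ToVa" (ImageRvaToVa).
		// Matching on the opcode+displacement, not just the text, keeps the
		// pattern specific to this code shape rather than any copy of the name.
		$ = { C7 45 20 49 6D 61 67 }
		$ = { C7 45 24 65 52 76 61 }
		$ = { C7 45 28 54 6F 56 61 }
		// Complete x64 routine: mov rax,0x30 ; mov rax,gs:[rax] ; then loads at
		// +0x60, +0x18, +0x10, [rax], [rax], +0x30 ; ret. The offsets are
		// consistent with the x64 Windows TEB -> PEB -> Ldr ->
		// InLoadOrderModuleList walk that reads a loaded module's DllBase
		// without any import (the third list entry is typically kernel32 —
		// confirm against the sample). This is the strongest single indicator.
		$ = { 48 C7 C0 30 00 00 00 65 48 8B 00 48 8B 40 60 48 8B 40 18 48 8B 40 10 48 8B 00 48 8B 00 48 8B 40 30 C3 }
	condition:
		// Require every fragment: the two 5-byte cmp patterns are short enough
		// to appear in unrelated code, so "any of them" would be noisy.
		all of them
}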
Details Published Attributes CTI Title
Details Pdf 2023-02-09 75 Busy Buzzard