// Launcher detection: all three x86-64 code/data fragments below must be
// present in the scanned object for the rule to fire. The hex patterns are
// reproduced byte-for-byte from the published rule; only identifiers,
// layout and comments differ.
rule M_APT_Launcher_TEARPAGE_1
{
    meta:
        author        = "Mandiant"
        rev           = 1
        md5           = "006cbff5d248ab4a1d756bce989830b9"
        date_created  = "2024-08-13"
        date_modified = "2024-08-13"

    strings:
        // Decryption set-up sequence. Decodes as: call [rip+disp32]; cmp eax, 0x2C; jcc;
        // mov r8d, 0x20; call [rip+disp32]; test eax, eax; jcc; mov r8d, 0x0C; call ...;
        // add esi, -0x2C; mov ecx, 0x40; call [rip+disp32]. The 0x20/0x0C immediates
        // are consistent with a 32-byte key and 12-byte nonce (0x2C = 44 = 32 + 12),
        // i.e. a ChaCha20-style parameter block preceding the payload -- inference, not
        // something the bytes alone prove.
        $decrypt_setup = { FF 15 [4-8] 83 F8 2C 0F 8? [4-32] 41 B8 20 00 00 00 [4-12] FF 15 [4] 85 C0 0F 8? [4-32] 41 B8 0C 00 00 00 [4-12] FF 15 [4] 85 C0 0F 8? [4-32] 83 C6 D4 B9 40 00 00 00 [2-16] FF 15 }

        // The four dwords spell "expa" "nd 3" "2-by" "te k" -- the ChaCha20/Salsa20
        // "expand 32-byte k" sigma constant. The [0-12] gaps allow the constant to be
        // emitted as four separate immediates rather than one contiguous string.
        $chacha20_sigma = { 65 78 70 61 [0-12] 6E 64 20 33 [0-12] 32 2D 62 79 [0-12] 74 65 20 6B }

        // In-memory PE mapping. Decodes as: cmp dword [mem], 'PE\0\0' (NT header check);
        // mov ecx, 0x1FFFFF; call [rip+disp32]; mov dword [rsp+disp8], 0x40;
        // mov dword [rsp+disp8], 0x3000; call r8..r15; test eax, eax; jcc.
        // 0x40 and 0x3000 match PAGE_EXECUTE_READWRITE and MEM_COMMIT|MEM_RESERVE,
        // consistent with stack-passed arguments to a VirtualAlloc-style call on x64.
        $map_pe_image = { 81 3C [1-3] 50 45 00 00 [1-8] 8B [1-3] 50 [4-32] B9 FF FF 1F 00 [2-16] FF 15 [4-64] C7 44 24 [1-8] 40 00 00 00 C7 44 24 [1-8] 00 30 00 00 41 FF D? 85 C0 0F 8? }

    condition:
        // Equivalent to "all of them": every fragment is required, so a sample that
        // only embeds the ChaCha constant (common in benign crypto code) does not match.
        $decrypt_setup and $chacha20_sigma and $map_pe_image
}
Category
Type Yara Rule
Misp Type
Description
Details Published Attributes CTI Title
Details Website 2024-09-18 39 An Offer You Can Refuse: UNC2970 Backdoor Deployment Using Trojanized PDF Reader | Google Cloud Blog
Details Website 2024-09-17 65 An Offer You Can Refuse: UNC2970 Backdoor Deployment Using Trojanized PDF Reader