Common Information
Type Value
Value
rule HC_RAT {
	meta:
		author = "NCCIC Code & Media Analysis"
		incident = "10135536"
		date = "2018-04-12"
		category = "hidden_cobra"
		family = "TYPEFRAME"
		hash0 = "1C53E7269FE9D84C6DF0A25BA59B822C"
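	strings:
		// x86: mask argument to 16 bits, subtract 0x8000, branch out if the result is above 0x43
		$s0 = { 8B 4C 24 04 33 C0 81 E1 FF FF 00 00 81 C1 00 80 FF FF 83 F9 43 0F 87 70 01 00 00 }
		// x86: loop body storing AL at [EAX+ESI] until EAX reaches 0x100 (fills a 256-byte table with 0..255)
		$s1 = { 88 04 30 40 3D 00 01 00 00 }
		// x64: same 16-bit range check (value - 0x8000 compared against 0x43) after the function prologue
		$s2 = { 48 89 4C 24 08 57 48 83 EC 20 0F B7 C1 33 FF 05 00 80 FF FF 83 F8 43 0F 87 60 02 00 00 }
		// x64: same 256-byte table fill, storing AL at [RCX]
		$s3 = { 88 01 FF C0 48 FF C1 3D 00 01 00 00 }
	condition:
		// match when both 32-bit patterns or both 64-bit patterns are present
		($s0 and $s1) or ($s2 and $s3)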
}
Category
Type Yara Rule
Misp Type
Description
Details Published Attributes CTI Title
Details Website 2018-06-14 63 MAR-10135536-12 – North Korean Trojan: TYPEFRAME | CISA