Common Information
| Type | Value |
|---|---|
| Value |
rule polarsslClientHello {
meta:
author = "CISA trusted 3rd party"
incident = "10271944.R3.V1"
date = "2019-12-25"
category = "Hidden_Cobra"
family = "BUFFETLINE"
strings:
$polarSSL = "fjiejffndxklfsdkfjsaadiepwn"
$cliHello = "!Q@W#E$R%T^Y&U*I(O)P"
condition:
(uint16(0) == 0x5A4D and uint16(uint32(0x3c)) == 0x4550) and all of them
}
|
| Category | |
| Type | Yara Rule |
| Misp Type | |
| Description |