Common Information
Type Value
Value
rule M_DropperMemonly_TOUCHSHIFT_1 {
	meta:
		author = "Mandiant"
		description = "Hunting rule for TOUCHSHIFT"
	strings:
		$p00_0 = { 09 43 ?? EB ?? FF 43 ?? B0 ?? EB ?? E8 [4] C7 00 [4] E8 [4] 32 C0 }
		$p00_1 = { 4C 63 05 [4] BA [4] 4C 8B 0D [4] 48 8B 0D [4] FF 15 [4] 4C 63 05 [4] BA [4] 4C 8B 0D [4] 48 8B 0D }
	condition:
		uint16(0) == 0x5A4D and uint32(uint32(0x3C)) == 0x00004550 and (($p00_0 in (70000 .. 90000) and $p00_1 in (0 .. 64000)))
}
Category:
Type: Yara Rule
Misp Type:
Description:
Details Published Attributes CTI Title
Details Website 2023-03-09 86 Stealing the LIGHTSHOW (Part One) — North Korea's UNC2970 | Mandiant