Common Information
Type Value
Value
// Signature for the BLINDINGCAN remote access trojan, which the rule's own
// metadata attributes to the HiddenCobra actor.
// The words after the colon are YARA tags, usable for filtering rule sets.
// The rule matches when any one of the three byte patterns below is present;
// it places no constraint on file type or file size.
rule CISA_10135536_06 : trojan rat HIDDENCOBRA BLINDINGCAN {
	meta:
		// Meta fields are descriptive only; YARA never evaluates them when scanning.
		Author = "CISA Code & Media Analysis"
		Incident = "10135536"
		Date = "2018-05-04"
		Actor = "HiddenCobra"
		Category = "Trojan RAT"
		Family = "BLINDINGCAN"
		Description = "Detects 32bit HiddenCobra BLINDINGCAN Trojan RAT"
		// MD5/SHA-256 pairs for four files. Presumably the samples the rule was
		// derived from; confirm against the referenced analysis report.
		// Useful for corroborating a hit by exact hash.
		MD5_1 = "f9e6c35dbb62101498ec755152a8a67b"
		SHA256_1 = "1ee75106a9113b116c54e7a5954950065b809e0bb4dd0a91dc76f778508c7954"
		MD5_2 = "d742ba8cf5b24affdf77bc6869da0dc5"
		SHA256_2 = "7dce6f30e974ed97a3ed024d4c62350f9396310603e185a753b63a1f9a2d5799"
		MD5_3 = "aefcd8e98a231bccbc9b2c6d578fc8f3"
		SHA256_3 = "96721e13bae587c75618566111675dec2d61f9f5d16e173e69bb42ad7cb2dd8a"
		MD5_4 = "3a6b48871abbf2a1ce4c89b08bc0b7d8"
		SHA256_4 = "f71d67659baf0569143874d5d1c5a4d655c7d296b2e86be1b8f931c2335c0cd3"
	strings:
		// Four consecutive 32-bit x86 "mov dword ptr [ebp-N], imm32" instructions
		// (opcode C7 45, displacements EC/F0/F4/F8) that write the bytes
		// 0D 06 09 2A 86 48 86 F7 0D 01 01 01 05 00 03 82 to adjacent stack slots.
		// Those bytes contain the DER encoding of the rsaEncryption OID
		// (1.2.840.113549.1.1.1), followed by an ASN.1 NULL and the start of a
		// BIT STRING. The code is therefore assembling an RSA public-key header
		// on the stack.
		$s0 = { C7 45 EC 0D 06 09 2A C7 45 F0 86 48 86 F7 C7 45 F4 0D 01 01 01 C7 45 F8 05 00 03 82 }
		// ASCII bytes of the text "PMS*.tmp". It looks like a temp-file wildcard
		// pattern; how the samples use it is not shown here.
		// NOTE(review): at 8 bytes this is the shortest and least specific pattern.
		$s1 = { 50 4D 53 2A 2E 74 6D 70 }
		// 24-byte sequence that is not printable text as a whole. Presumably
		// embedded constant or key material from the samples.
		// TODO confirm against the referenced analysis report.
		$s2 = { 79 67 60 3C 77 F9 BA 77 7A 56 1B 68 51 26 11 96 B7 98 71 39 82 B0 81 78 }
	condition:
		// A single match of any one pattern satisfies the rule.
		// NOTE(review): there is no PE-header test (such as uint16(0) == 0x5A4D)
		// and no filesize bound. A hit on $s1 alone should be triaged as
		// low-confidence and corroborated, for example against the hashes in meta
		// or a co-occurring $s0/$s2 match, before it drives a response action.
		any of them
}
Category
Type Yara Rule
Misp Type
Description
Details Published Attributes CTI Title
Details Website 2020-08-19 80 MAR-10295134-1.v1 – North Korean Remote Access Trojan: BLINDINGCAN | CISA
Details Website 2020-08-19 68 MAR-10295134-1.v1 – North Korean Remote Access Trojan: BLINDINGCAN | CISA