Common Information
| Type | Value |
|---|---|
| Value |
rule CyclopsBlink_config_identifiers {
meta:
author = "NCSC"
description = "Detects the initial characters used to identify
Cyclops Blink configuration data"
date = "2022-02-23"
hash1 = "3adf9a59743bc5d8399f67cab5eb2daf28b9b863"
hash2 = "c59bc17659daca1b1ce65b6af077f86a648ad8a8"
strings:
$ = "<p: " fullword
$ = { 3C 00 3C 6B 60 00 3A 20 90 09 00 00 }
$ = { 3C 00 3C 63 60 00 3A 20 90 09 00 00 }
$ = { 3C 00 3C 73 60 00 3A 20 90 09 00 00 }
condition:
(uint32(0) == 0x464c457f) and (all of them)
}
|
| Category | |
| Type | Yara Rule |
| Misp Type | |
| Description |