Common Information
Type Value
Value
rule import_deob {
	meta:
		author = "NCCIC trusted 3rd party"
		incident = "10135536"
		date = "2018-04-12"
		category = "hidden_cobra"
		family = "TYPEFRAME"
		md5 = "ae769e62fef4a1709c12c9046301aa5d"
		md5 = "e48fe20eb1f5a5887f2ac631fed9ed63"
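	strings:
		// x86 in-place string decode loop: each byte in 0x62..0x79 ('b'..'y') is
		// replaced with 0xDB minus the byte, repeating until a NUL terminator.
		$ = { 8A 01 3C 62 7C 0A 3C 79 7F 06 B2 DB 2A D0 88 11 8A 41 01 41 84 C0 75 E8 }
		// Variant of the same loop with the pointer in EAX and the byte in CL;
		// bytes kept exactly as published.
		$ = { 8A 08 80 F9 62 7C 0B 80 F9 79 7F 06 82 DB 2A D1 88 10 8A 48 01 40 84 C9 75 E6 }
	condition:
		// "MZ" at offset 0 and "PE" at the offset stored in e_lfanew (0x3c), plus either pattern
		(uint16(0) == 0x5A4D and uint16(uint32(0x3c)) == 0x4550) and any of them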
}
Category
Type Yara Rule
Misp Type
Description
Details Published Attributes CTI Title
Details Website 2018-06-14 63 MAR-10135536-12 – North Korean Trojan: TYPEFRAME | CISA