Common Information
Value:

```yara
rule CISA_10382580_01 : rat
{
    meta:
        Author = "CISA Code & Media Analysis"
        Incident = "10382580"
        Date = "2022-05-25"
        Last_Modified = "20220602_1200"
        Actor = "n/a"
        Category = "Remote Access Tool"
        Family = "n/a"
        Description = "Detects Remote Access Tool samples"
        MD5_1 = "199a32712998c6d736a05b2dbd24a761"
        SHA256_1 = "88a5e4b24747648a4e3f0a2d5282b51683260f9208b06788fc858c44559da1e8"
    strings:
        $s0 = { 0F B6 40 0F 6B C8 47 41 0F B6 40 0B 02 D1 6B C8 }
        $s1 = { 35 41 0F B6 00 41 88 58 01 41 88 78 02 41 88 70 }
        $s2 = { 66 83 F8 1E }
        $s3 = { 66 83 F8 52 }
    condition:
        all of them
}
```

Type | Value |
---|---|
Category | |
Type | Yara Rule |
Misp Type | |
Description | |
Details | | Published | Attributes | CTI | Title |
---|---|---|---|---|---|
Details | Website | 2022-07-28 | 32 | | MAR-10382254-1.v1 – C2 RAT \| CISA |
Details | Website | 2022-07-18 | 56 | | MAR-10382580-1.v1 – Unidentified RAT \| CISA |
Details | Website | 2022-06-23 | 32 | | MAR-10382254-1.v1 – C2 RAT \| CISA |
Details | Website | 2022-06-23 | 46 | | MAR-10382580-1.v1 – Unidentified RAT \| CISA |