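// Mandiant detection signature for the LIDSHOT implant (UNC2970 activity).
// Each hex pattern below is a short x86-64 instruction sequence; the ?? bytes
// are 8-bit stack displacements that vary between builds. Matching logic
// (strings and condition) is unchanged from the published rule; only
// provenance metadata and comments were added.
rule M_APT_Loader_Win_LIDSHOT_1 {
	meta:
		author = "Mandiant"
		description = "Detects LIDSHOT implant"
		// Source report and its publication date, as shown on the page this
		// rule was taken from. No report URL or sample hashes were available
		// to record here -- add them when known.
		reference = "Stealing the LIGHTSHOW (Part One) - North Korea's UNC2970 (Mandiant)"
		date = "2023-03-09"
	strings:
		// mov [rbp+X], r13 (twice); then four `mov dword [rbp+X], imm32`
		// storing 0x67452301, 0xEFCDAB89, 0x98BADCFE, 0x10325476 -- the
		// standard MD4/MD5/SHA-1 initial-state words, so this fragment is a
		// hash-context initialiser and is NOT specific on its own; then
		// mov [rsp+X], r13; mov qword [rbp+X], 0xF; mov byte [rsp+X], 0.
		$code1 = { 4C 89 6D ?? 4C 89 6D ?? C7 45 ?? 01 23 45 67 C7 45 ?? 89 AB CD EF C7 45 ?? FE DC BA 98 C7 45 ?? 76 54 32 10 4C 89 6C 24 ?? 48 C7 45 ?? 0F 00 00 00 C6 44 24 ?? 00 }
		// mov eax, 0x51EB851F; imul r8d; sar edx, 3; mov ecx, edx;
		// shr ecx, 31; add edx, ecx; imul ecx, edx, 25 -- the compiler's
		// magic-number idiom for signed division of r8d by 25, followed by
		// quotient*25. Presumably the next instruction (outside the pattern)
		// subtracts to yield `r8d % 25`; what that remainder indexes is not
		// visible here.
		$code2 = { B8 1F 85 EB 51 41 F7 E8 C1 FA 03 8B CA C1 E9 1F 03 D1 6B CA 19 }
		// mov dword [rbp+X], 0x6C4C6B30 ("0kLl"); mov word [rbp+X], 0x0055
		// ("U" + NUL) -- a stack-built string fragment.
		$code3 = { C7 45 ?? 30 6B 4C 6C 66 C7 45 ?? 55 00 }
	condition:
		// uint16(0) is read little-endian, so 0x5a4d is the bytes "MZ" (DOS
		// header magic). Requiring all three fragments is what keeps the
		// generic hash-IV constants in $code1 from matching unrelated PEs;
		// do not loosen to `any of them`.
		uint16(0) == 0x5a4d and all of them
}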
Source: Mandiant, "Stealing the LIGHTSHOW (Part One) — North Korea's UNC2970", published 2023-03-09 (website report; 86 attributes in the associated threat-intel record).