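// Detection rule for the unpacked ELF backdoor attributed to UNC1945 (STEELCORGI).
// Several strings are individually generic ($s4, $s5, $s7, $s8 occur in many
// ordinary ELF binaries); the rule's specificity comes from requiring all strings
// together, the occurrence-count thresholds in the condition, and the two
// hard-coded ".debug" file names.
rule ELF_unpacked_STEELCORGI_backdoor_UNC1945 {
	meta:
		description = "Yara Rule for unpacked ELF backdoor of UNC1945"
		author = "Yoroi Malware Zlab"
		last_updated = "2020_12_21"
		tlp = "white"
		category = "informational"
	strings:
		$s1 = "MCARC"
		// Embedded debug-file name; one of the most sample-specific indicators in the set.
		$s2 = "833fc0088ea41bc3331db60ae2.debug"
		$s3 = "PORA1022"
		// Generic words; only meaningful through the #s4 / #s5 count thresholds below.
		$s4 = "server"
		$s5 = "test"
		// Spanish-language git message ("do not run git-update-server-info");
		// presumably from git code bundled in the binary — not verified here.
		$s6 = "no ejecutar git-update-server-info"
		// Dynamic-loader symbol names; present in most dynamically linked ELF files.
		$s7 = "dlopen"
		$s8 = "dlsym"
		// Second embedded debug-file name (see $s2).
		$s9 = "5d5c6da19e62263f67ca63f8bedeb6.debug"
		// Hex bytes decode to the ASCII text:
		//   rint "[V] Attempting to get OS info with command: $command\n" if $verbose;
		// which looks like the tail of a Perl `print ... if $verbose;` statement
		// (kept as hex so the embedded quotes and escapes need no string escaping).
		$s10 = { 72 69 6E 74 20 22 5B 56 5D 20 41 74 74 65 6D 70 74 69 6E 67 20 74 6F 20 67 65 74 20 4F 53 20 69 6E 66 6F 20 77 69 74 68 20 63 6F 6D 6D 61 6E 64 3A 20 24 63 6F 6D 6D 61 6E 64 5C 6E 22 20 69 66 20 24 76 65 72 62 6F 73 65 3B }
	condition:
		// Restrict to input that starts with the ELF magic (\x7fELF, read as a
		// little-endian uint32). The rule targets an unpacked ELF, and the header
		// check lets the scanner discard non-ELF input before any string search;
		// it assumes the scanned file or dump begins with the ELF header.
		uint32(0) == 0x464C457F and
		// Every string must be present, and the two generic words must recur
		// often enough to separate this binary from ordinary ELF files.
		all of them and #s4 > 50 and #s5 > 20
}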
Details Website 2021-01-12 18 Opening “STEELCORGI”: A Sophisticated APT Swiss Army Knife - Yoroi