ioc[.]one - OSINT Cyber Threat Intelligence Database

Show in Graph

Common Information

Type	Value
Value	rule CmdPipeRAT { meta: description = "CmdPipeRAT" author = "LAC Co., Ltd." strings: $str1 = "%syeah.htm" ascii wide $str2 = "Mozilla/5.0 (Windows NT 6.1; WOW64)" $str3 = "Content-Type: %02x%02x%02x%02x%02x%02x" $rc4_key = { 20 4E 00 00 1E 2D 33 44 54 62 71 8E 9F AC BF CD D8 E3 F0 04 EE FD 03 54 44 22 11 EE DF 1C 0F 3D 98 73 00 34 32 30 31 39 30 39 32 33 23 } $mov_str1 = { C7 85 ?? FB FF FF 5C 63 6F 6E C7 85 ?? FB FF FF 73 6F 6C 65 C7 85 ?? FB FF FF 33 32 2E 65 66 C7 85 ?? FB FF FF 78 65 } $mov_str2 = { C7 85 ?? FB FF FF 5C 63 6D 64 C7 85 ?? FB FF FF 2E 65 78 65 } $mov_str3 = { C7 85 ?? FB FF FF 5C 65 6E 2D C7 85 ?? FB FF FF 55 53 5C 63 C7 85 ?? FB FF FF 6D 64 2E 65 C7 85 ?? FB FF FF 78 65 2E 6D C7 85 ?? FB FF FF 75 69 00 00 C7 85 ?? FB FF FF 5C 65 6E 2D 66 C7 85 ?? FB FF FF 55 53 } $mov_str4 = { C7 85 ?? FB FF FF 5C 63 6F 6E C7 85 ?? FB FF FF 73 6F 6C 65 C7 85 ?? FB FF FF 33 32 2E 65 C7 85 ?? FB FF FF 78 65 2E 6D C7 85 ?? FB FF FF 75 69 00 00 } condition: uint16(0) == 0x5A4D and (all of them) }
Category
Type	Yara Rule
Misp Type
Description

Details		Published	Attributes	CTI		Title
Details	Pdf	—	85			Operation MINAZUKI: Underwater invasive espionage