ioc[.]one - OSINT Cyber Threat Intelligence Database

NCSC TIP Line Dancer

Show in Graph

Image Description

Common Information

Type	Value
UUID	fbdf9315-fdc3-4ae5-9d01-67c378f80498
Fingerprint	821c2f1ec6507bb36d04651cac8ef9ae44396937b25ef520f2679a7b236a755c
Analysis status	DONE
Considered CTI value	1
Text language
Published	April 24, 2024, 2:25 p.m.
Added to db	Nov. 6, 2024, 11:05 a.m.
Last updated	Nov. 6, 2024, 11:06 a.m.
Headline	NCSC TIP Line Dancer
Title	NCSC TIP Line Dancer
Detected Hints/Tags/Attributes	25/1/4

Source URLs

	Redirection	Url
Details	Source	https://www.ncsc.gov.uk/static-assets/documents/malware-analysis-reports/line/ncsc-tip-line-dancer.pdf

URL Provider

Details	Provider	Source level domain
Details	ncsc.gov.uk	www.ncsc.gov.uk

Attributes

Details	Type	#Events	CTI	Value
Details	Domain	35		first.org
Details	Domain	53		ncsc.gov.uk
Details	Email	22		ncscinfoleg@ncsc.gov.uk
Details	Yara rule	1		rule Line_Dancer { meta: author = "NCSC" description = "Targets code sections of Line Dancer, a shellcode loader targeting Cisco ASA devices." strings: $ = { 48 8D 5E 20 48 8D 3D BB FF FF FF BA 20 00 00 00 } $ = { 4C 89 EE 44 89 F2 48 8D 3D 9A 27 00 00 } $ = { 41 FF D7 41 5F 41 5E 41 5D 41 5C 5B 5D 48 C7 C0 01 00 00 00 5F } condition: all of them }