Indicator (IOC)

yara Revoked AlienVault · Published 20/12/2025 19:40 · Modified 21/12/2025 01:07

Essential information

Value / Name: bd2e54346febc2c0eb5044203e51f8fd8bec7af7
Confidence: 100/100
Revoked: Yes
Valid from: 08/09/2023 23:46
Valid until: 11/12/2024 22:46
Pattern type: yara
Published: 20/12/2025 19:40
Modified: 21/12/2025 01:07
Author / Source: AlienVault

Description

Detects perl script linked to SKIPJACK backdoor samples

Pattern

rule CISA_10454006_11 : trojan
{
    meta:
        author = "CISA Code & Media Analysis"
        incident = "10454006"
        date = "2023-07-20"
        last_modified = "20230726_1700"
        actor = "n/a"
        family = "n/a"
        Capabilities = "n/a"
        Malware_Type = "trojan"
        Tool_Type = "unknown"
        description = "Detects perl script linked to SKIPJACK backdoor samples"
        SHA256 = "63788797919985d0e567cf9133ad2ab7a1c415e81598dc07c0bfa3a1566aeb90"
    strings:
        // Each hex pattern is a plain ASCII fragment of the Perl script; the decoded text is given alongside.
        $s1 = { 2f 65 74 63 2f 66 73 74 61 62 2e 6d 61 69 6e }  // "/etc/fstab.main"
        $s2 = { 28 3c 46 53 54 41 42 3e 29 }  // "(<FSTAB>)"
        $s3 = { 6d 79 20 28 24 70 61 72 74 69 74 69 6f 6e 2c 20 24 66 73 5f 74 79 70 65 29 }  // "my ($partition, $fs_type)"
        $s4 = { 70 72 69 6e 74 20 24 66 73 5f 74 79 70 65 }  // "print $fs_type"
        $s5 = { 70 72 69 6e 74 20 24 70 61 72 74 69 74 69 6f 6e }  // "print $partition"
    condition:
        // All five fragments must be present in the scanned file.
        all of them
}

Labels / Tags

Labels: backdoor download malware saltwater seaspray size skipjack whirlpool

Marking (TLP)

TLP:CLEAR

Related entities

No linked attack reports or intrusion sets yet.