Indicator (IOC)
Essential information
- Value / Name
470dbc78097d6c70939d7bc97a5e9c0a79992f79- Confidence
- 100/100
- Revoked
- Yes
- Valid from
- 03/10/2022 14:46
- Valid until
- 06/01/2024 13:46
- Pattern type
- yara
- Published
- 20/12/2025 19:35
- Modified
- 20/12/2025 22:03
- Author / Source
- AlienVault
Description
Finds opcodes to set a port to bind on 2233, encompassing the setsockopt(), htons(), and bind() from 40973d to 409791 in fe34b7c071d96dac498b72a4a07cb246
Pattern
rule M_APT_VIRTUALPITA_1
{
meta:
author = "Mandiant"
md5 = "fe34b7c071d96dac498b72a4a07cb246"
description = "Finds opcodes to set a port to bind on 2233, encompassing the setsockopt(), htons(), and bind() from 40973d to 409791 in fe34b7c071d96dac498b72a4a07cb246"
strings:
$x = {8b ?? ?? 4? b8 04 00 00 00 [0 - 4] ba 02 00 00 00 be 01 00 00 00 [0 - 2] e8 ?? ?? ?? ?? 89 4? ?? 83 7? ?? 00 79 [0 - 50] ba 10 00 00 00 [0 - 10] e8}
condition:
uint32(0) == 0x464c457f and all of them
}
Labels / Tags
Marking (TLP)
TLP:CLEAR
Related entities
No linked attack reports or intrusion sets yet.