Update apts/blacktech/info.md

apts/blacktech/info.md

@@ -136,8 +136,31 @@ fc863fbd71e22c99eaa2b1b0eb72d806cedeb536213e600afb03f0fbea9d2bb3
 ```
 
 
+[9]
 
+BiFrost
 
+```
+107.191.61.247
+8fd3925dadf37bebcc8844214f2bcd18
+```
+
+```
+rule RAT_BiFrost_UNIX
+{
+    meta:
+    description= "HUAPI UNIX BiFrost RAT"
+    author = "TeamT5"
+    date = "2020-04-15"
+    
+    strings:
+    $hex1 = {25 ?? 00 00 00 85 C0 75 37 8B 45 F0 89 C1 03 4D 08 8B 45 F0 03 45 08 0F B6 10 8B 45 F8 01 C2 B8 FF FF FF FF 21 D0 88 01 8B 45 F0 89 C2 03 55 08 8B 45 F0 03 45 08 0F B6 00 32 45 FD 88 02}
+    $hex2 = {8B 45 F0 03 45 08 0F B6 00 30 45 FD 8B 45 F0 89 C1 03 4D 08 8B 45 F8 89 C2 02 55 FD B8 FF FF FF FF 21 D0 88 01}
+    
+    condition:
+    all of them
+}
+```
 
 
 
@@ -153,3 +176,4 @@ fc863fbd71e22c99eaa2b1b0eb72d806cedeb536213e600afb03f0fbea9d2bb3
 [6]: https://x.com/ESETresearch/status/1382054011264700416
 [7]: https://cyberandramen.net/2021/02/11/blacktech-updates-elf-plead-backdoor/
 [8]: https://blogs.jpcert.or.jp/en/2020/03/elf-tscookie.html
+[9]: https://teamt5.org/tw/posts/technical-analysis-on-backdoor-bifrost-of-the-Chinese-apt-group-huapi/