YARA rule set related to the 3CX incident

2023-03-30 Nextron Systems

https://github.com/Neo23x0/signature-base/blob/master/yara/gen_mal_3cx_compromise_mar23.yar


This excerpt from Neo23x0's signature-base repository publishes YARA rules for the malicious Windows and macOS samples associated with the North Korea-linked 3CX supply-chain compromise. The rules detect malicious DLLs, decrypted payloads, compromised 3CX-signed binaries, MSI installers, and macOS applications by combining PE/Mach-O traits, file-size constraints, known hashes, certificate metadata, and byte patterns tied to payload execution. The detection logic covers VirtualProtect and ReadFile/MZ checks, RC4 key material, Base64/AES-related routines, GitHub IconStorages strings, and other markers found in the malicious samples. The rule set is useful for detection engineering and hunting because it gives defenders concrete signatures with which to validate suspected 3CX supply-chain activity in endpoint and file telemetry.
