Solved

“Dyre” Banking Malware Nessus Check

Posted on 2015-01-22
2
388 Views
Last Modified: 2015-01-23
Hi is there a Nessus scan or audit file that can be used to check “Dyre” Banking Malware
0
Comment
Question by:cesemj
2 Comments
 
LVL 63

Accepted Solution

by:
btan earned 500 total points
ID: 40566169
If AV detects that, Nessus should be able to sieve out baed on the anomalous activities but it may not be specifically targeting Dyre http://www.tenable.com/blog/detecting-known-malware-processes-using-nessus

Hence, good that you explore using the Indicators of Compromise (IOCs) such as below. It is a XML schema that is like a signature of its traces. https://www.iocbucket.com/iocs/737ce855904ffa03094902d4b936c049bc327fb9

There is ioceditor tool that can edit it or create it. And iocfinder that collects host system data and reporting its presence http://www.mandiant.com/products/free_software/ioceditor/
http://www.mandiant.com/resources/download/ioc-finder/

Not that I know Nessus can consume OpenIOC though. But other such as TrisulRP tool to sweep for this IOC as the tool can write scripts in Ruby to automate its Trisul tasks. The blog share a .rb script that  consume an OpenIOC file, extract supported network based indicators, and sweep past traffic for matches. http://trisul.org/blog/ioc-sweeper/post.html
0
 

Author Closing Comment

by:cesemj
ID: 40567131
Thanks for pointing me in the right direction.
0

Featured Post

Free Tool: SSL Checker

Scans your site and returns information about your SSL implementation and certificate. Helpful for debugging and validating your SSL configuration.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
parent control advice for app searches 4 33
Using GMail for Scanning 5 45
Software to manage all passwords for our IT dept 7 45
What is the goal of SOC2 compliance? 4 27
Many businesses neglect disaster recovery and treat it as an after-thought. I can tell you first hand that data will be lost, hard drives die, servers will be hacked, and careless (or malicious) employees can ruin your data.
There's a lot of hype surrounding blockchain technology. Here's how it works and some of the novel ways it' s now being used - including for data protection.
Sending a Secure fax is easy with eFax Corporate (http://www.enterprise.efax.com). First, just open a new email message. In the To field, type your recipient's fax number @efaxsend.com. You can even send a secure international fax — just include t…
The Email Laundry PDF encryption service allows companies to send confidential encrypted  emails to anybody. The PDF document can also contain attachments that are embedded in the encrypted PDF. The password is randomly generated by The Email Laundr…

761 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question