  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 406
  • Last Modified:

“Dyre” Banking Malware Nessus Check

Hi, is there a Nessus scan or audit file that can be used to check for “Dyre” Banking Malware?
0
Asked by: cesemj
1 Solution
 
btan (Exec Consultant) Commented:
If AV detects that, Nessus should be able to sieve it out based on the anomalous activities, but it may not be specifically targeting Dyre: http://www.tenable.com/blog/detecting-known-malware-processes-using-nessus

Hence, it is good that you explore using Indicators of Compromise (IOCs) such as the one below. It is an XML schema that is like a signature of its traces. https://www.iocbucket.com/iocs/737ce855904ffa03094902d4b936c049bc327fb9

There is the ioceditor tool that can edit it or create it, and iocfinder, which collects host system data and reports its presence:
http://www.mandiant.com/products/free_software/ioceditor/
http://www.mandiant.com/resources/download/ioc-finder/

Not that I know of Nessus being able to consume OpenIOC, though. But others, such as the TrisulRP tool, can sweep for this IOC, as the tool can write scripts in Ruby to automate its Trisul tasks. The blog shares a .rb script that consumes an OpenIOC file, extracts supported network based indicators, and sweeps past traffic for matches. http://trisul.org/blog/ioc-sweeper/post.html
0
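
The kind of sweep described in the answer above, sketched in Python as an added example (not part of the original thread and not the Trisul script): it pulls the network-based IndicatorItems out of an OpenIOC 1.0 document and matches them against log records. The IOC, the log records and the search-term-to-field mapping are constructed placeholders, not real Dyre indicators, and the Indicator AND/OR logic is ignored, so each item is matched on its own.

```python
import xml.etree.ElementTree as ET

NS = {"ioc": "http://schemas.mandiant.com/2010/ioc"}  # OpenIOC 1.0 namespace
# OpenIOC search terms handled here -> field name in our log records (assumed mapping)
NETWORK_TERMS = {"Network/DNS": "host", "PortItem/remoteIP": "dst_ip", "Network/URI": "uri"}

# Constructed IOC with placeholder values (reserved names and ranges), not real Dyre indicators
SAMPLE_IOC = """<ioc xmlns="http://schemas.mandiant.com/2010/ioc" id="constructed-example">
 <definition><Indicator operator="OR" id="root">
  <IndicatorItem id="a" condition="is"><Context document="Network" search="Network/DNS"/>
   <Content type="string">bad-host.example</Content></IndicatorItem>
  <IndicatorItem id="b" condition="is"><Context document="PortItem" search="PortItem/remoteIP"/>
   <Content type="IP">203.0.113.45</Content></IndicatorItem>
  <IndicatorItem id="c" condition="contains"><Context document="Network" search="Network/URI"/>
   <Content type="string">/constructed/path.php</Content></IndicatorItem>
  <IndicatorItem id="d" condition="is"><Context document="FileItem" search="FileItem/Md5sum"/>
   <Content type="md5">00000000000000000000000000000000</Content></IndicatorItem>
 </Indicator></definition>
</ioc>"""

# Constructed, already-parsed proxy log records
SAMPLE_LOG = [
    {"src": "10.0.0.5", "host": "www.example.org", "dst_ip": "198.51.100.7", "uri": "/index.html"},
    {"src": "10.0.0.9", "host": "Bad-Host.Example", "dst_ip": "203.0.113.45", "uri": "/"},
    {"src": "10.0.0.12", "host": "cdn.example.net", "dst_ip": "192.0.2.10", "uri": "/constructed/path.php?id=7"},
]

def network_indicators(xml_text):
    """Return (field, condition, value) for each supported network IndicatorItem."""
    found = []
    for item in ET.fromstring(xml_text).iterfind(".//ioc:IndicatorItem", NS):
        ctx, content = item.find("ioc:Context", NS), item.find("ioc:Content", NS)
        if ctx is None or content is None or not (content.text or "").strip():
            continue  # malformed or empty item
        field = NETWORK_TERMS.get(ctx.get("search"))
        if field:  # host-based terms such as FileItem/Md5sum are skipped
            found.append((field, item.get("condition", "is"), content.text.strip().lower()))
    return found

def sweep(records, indicators):
    """Return (src, field, value) for every record field that matches an indicator."""
    hits = []
    for rec in records:
        for field, cond, value in indicators:
            seen = rec.get(field, "").lower()
            if (cond == "is" and seen == value) or (cond == "contains" and value in seen):
                hits.append((rec["src"], field, value))
    return hits
```

Calling `sweep(SAMPLE_LOG, network_indicators(SAMPLE_IOC))` returns the matching source hosts; IOC files fetched from public repositories are untrusted XML, so parse them with a hardened parser in production use.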
 
cesemj (Author) Commented:
Thanks for pointing me in the right direction.
0
