Solved

“Dyre” Banking Malware Nessus Check

Posted on 2015-01-22
2
370 Views
Last Modified: 2015-01-23
Hi is there a Nessus scan or audit file that can be used to check “Dyre” Banking Malware
0
Comment
Question by:cesemj
2 Comments
 
LVL 61

Accepted Solution

by:
btan earned 500 total points
Comment Utility
If AV detects that, Nessus should be able to sieve out baed on the anomalous activities but it may not be specifically targeting Dyre http://www.tenable.com/blog/detecting-known-malware-processes-using-nessus

Hence, good that you explore using the Indicators of Compromise (IOCs) such as below. It is a XML schema that is like a signature of its traces. https://www.iocbucket.com/iocs/737ce855904ffa03094902d4b936c049bc327fb9

There is ioceditor tool that can edit it or create it. And iocfinder that collects host system data and reporting its presence http://www.mandiant.com/products/free_software/ioceditor/
http://www.mandiant.com/resources/download/ioc-finder/

Not that I know Nessus can consume OpenIOC though. But other such as TrisulRP tool to sweep for this IOC as the tool can write scripts in Ruby to automate its Trisul tasks. The blog share a .rb script that  consume an OpenIOC file, extract supported network based indicators, and sweep past traffic for matches. http://trisul.org/blog/ioc-sweeper/post.html
0
 

Author Closing Comment

by:cesemj
Comment Utility
Thanks for pointing me in the right direction.
0

Featured Post

Backup Your Microsoft Windows Server®

Backup all your Microsoft Windows Server – on-premises, in remote locations, in private and hybrid clouds. Your entire Windows Server will be backed up in one easy step with patented, block-level disk imaging. We achieve RTOs (recovery time objectives) as low as 15 seconds.

Join & Write a Comment

Phishing is at the top of most security top 10 efforts you should be pursuing in 2016 and beyond. If you don't have phishing incorporated into your Security Awareness Program yet, now is the time. Phishers, and the scams they use, are only going to …
This paper addresses the security of Sennheiser DECT Contact Center and Office (CC&O) headsets. It describes the DECT security chain comprised of “Pairing”, “Per Call Authentication” and “Encryption”, which are all part of the standard DECT protocol.
Sending a Secure fax is easy with eFax Corporate (http://www.enterprise.efax.com). First, Just open a new email message.  In the To field, type your recipient's fax number @efaxsend.com. You can even send a secure international fax — just include t…
When you create an app prototype with Adobe XD, you can insert system screens -- sharing or Control Center, for example -- with just a few clicks. This video shows you how. You can take the full course on Experts Exchange at http://bit.ly/XDcourse.

762 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

12 Experts available now in Live!

Get 1:1 Help Now