“Dyre” Banking Malware Nessus Check

Hi is there a Nessus scan or audit file that can be used to check “Dyre” Banking Malware
Who is Participating?
btanConnect With a Mentor Exec ConsultantCommented:
If AV detects that, Nessus should be able to sieve out baed on the anomalous activities but it may not be specifically targeting Dyre http://www.tenable.com/blog/detecting-known-malware-processes-using-nessus

Hence, good that you explore using the Indicators of Compromise (IOCs) such as below. It is a XML schema that is like a signature of its traces. https://www.iocbucket.com/iocs/737ce855904ffa03094902d4b936c049bc327fb9

There is ioceditor tool that can edit it or create it. And iocfinder that collects host system data and reporting its presence http://www.mandiant.com/products/free_software/ioceditor/

Not that I know Nessus can consume OpenIOC though. But other such as TrisulRP tool to sweep for this IOC as the tool can write scripts in Ruby to automate its Trisul tasks. The blog share a .rb script that  consume an OpenIOC file, extract supported network based indicators, and sweep past traffic for matches. http://trisul.org/blog/ioc-sweeper/post.html
cesemjAuthor Commented:
Thanks for pointing me in the right direction.
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.