Go Premium for a chance to win a PS4. Enter to Win

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 402
  • Last Modified:

“Dyre” Banking Malware Nessus Check

Hi is there a Nessus scan or audit file that can be used to check “Dyre” Banking Malware
0
cesemj
Asked:
cesemj
1 Solution
 
btanExec ConsultantCommented:
If AV detects that, Nessus should be able to sieve out baed on the anomalous activities but it may not be specifically targeting Dyre http://www.tenable.com/blog/detecting-known-malware-processes-using-nessus

Hence, good that you explore using the Indicators of Compromise (IOCs) such as below. It is a XML schema that is like a signature of its traces. https://www.iocbucket.com/iocs/737ce855904ffa03094902d4b936c049bc327fb9

There is ioceditor tool that can edit it or create it. And iocfinder that collects host system data and reporting its presence http://www.mandiant.com/products/free_software/ioceditor/
http://www.mandiant.com/resources/download/ioc-finder/

Not that I know Nessus can consume OpenIOC though. But other such as TrisulRP tool to sweep for this IOC as the tool can write scripts in Ruby to automate its Trisul tasks. The blog share a .rb script that  consume an OpenIOC file, extract supported network based indicators, and sweep past traffic for matches. http://trisul.org/blog/ioc-sweeper/post.html
0
 
cesemjAuthor Commented:
Thanks for pointing me in the right direction.
0

Featured Post

 The Evil-ution of Network Security Threats

What are the hacks that forever changed the security industry? To answer that question, we created an exciting new eBook that takes you on a trip through hacking history. It explores the top hacks from the 80s to 2010s, why they mattered, and how the security industry responded.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now