Flame, sKyWIper (#2)
Authored By: Zourick Description: Basic host based indicators found in reports. Reports: http://www.crysys.hu/skywiper/skywiper.pdf https://www.securelist.com/en/blog?weblogid=208193538 Indicators: OR...
Autocad_Worm-ACAD/Medre.A
Authored By: Christiaan Beek Description: Based on the blog written by ESET Reports: http://blog.eset.com/2012/06/21/acadmedre-a-technical-analysis-2 Indicators: OR File MD5 is...
Trojan-Bredolab
Authored By: Cedric PERNET Description: IOC to detect a Bredolab malware variant. Process handle name is _system_xxxxxxx_ (where xxx are random hex digits) Indicators: OR Network String URI contains...
c0d0so0 Trojan
Authored By: RAustin Description: Sample of the c0d0so0 Trojan malware obtained from Malware.lu. This particular malware is capable of recording key strokes and sending them to a remote command and...
Sykipot/Wyksol Trojan
Authored By: RAustin Description: A variant of the Sykipot/Wyksol Trojan used in recent attacks. This malware was distributed as a drive-by download exploiting CVE-2012-1889. The initial payload...
ZeroAccess/Siref.P
Authored By: @dfirn00b Description: This is looking for indicators found from a recent ZeroAccess/Siref variant. Files are located in the user's profile\local settings\application data\{}\@ or \n and also...
Sysadmin Tools and Security Features Disabled by Malware
Authored By: TomU @c_APT_ure Description: This IOC detects disabled sysadmin tools (task manager, registry editor) presumably by malware. ThreatExpert uses these sentences: “to prevent users from...
Ponmocup DLL Imports
Authored By: TomU @c_APT_ure Description: This IOC detects Kernel32.dll imports commonly used by Ponmocup malware (based on analysis of 5 samples found on VT). Out of 44 imports that all 5 samples had...
Eclipse RAT
Authored By: RAustin @W3nd1g04n6 Description: The Eclipse RAT malware provides remote access to an infected machine. This IOC is based on basic static analysis of numerous identified payloads. Some...
WinLogon Shell Persistence
Authored By: TomU @c_APT_ure Description: This IOC detects malware that abuses the WinLogon Shell registry value as a persistence mechanism to start at logon. Normally this value should just be "explorer.exe"....
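The Bredolab handle name, the disabled-tools and the WinLogon Shell entries above all describe host artifacts that an OpenIOC evaluator matches by walking an AND/OR indicator tree against collected host objects. The following is an added example of that matching logic, written for this page and not taken from any of the listed IOCs or from the OpenIOC tooling: the indicator document is a constructed OpenIOC 1.0-layout file with made-up ids (the "matches" regex condition and the negate="true" attribute are 1.1-style extensions, noted as assumptions), and the two host snapshots are constructed data. The evaluator scopes each AND/OR to a single host object, so a conjunction of registry terms means "the same value has this path, this name and this data"; conjunctions that span different object types are outside its scope.

```python
"""Minimal OpenIOC-style evaluator over a host snapshot (added example).

AND/OR is scoped to one host object: every IndicatorItem in an Indicator is
tested against the same record. This is what the registry checks below need;
ANDs that span different object types (FileItem AND RegistryItem) are out of
scope for this toy.
"""
import re
import xml.etree.ElementTree as ET

IOC_NS = "{http://schemas.mandiant.com/2010/ioc}"

# Constructed IOC in OpenIOC 1.0 layout (ids made up; not one of the listed
# IOCs). condition="matches" and negate="true" are OpenIOC 1.1-style
# extensions, assumed here so one item can express "Shell is NOT explorer.exe".
SAMPLE_IOC = r"""
<ioc xmlns="http://schemas.mandiant.com/2010/ioc" id="example-0001" last-modified="2012-07-01T00:00:00">
  <short_description>Constructed example: WinLogon Shell, disabled admin tools, Bredolab handle</short_description>
  <definition>
    <Indicator operator="OR" id="top">
      <Indicator operator="AND" id="winlogon-shell">
        <IndicatorItem id="ws-1" condition="contains"><Context document="RegistryItem" search="RegistryItem/Path" type="mir"/><Content type="string">CurrentVersion\Winlogon</Content></IndicatorItem>
        <IndicatorItem id="ws-2" condition="is"><Context document="RegistryItem" search="RegistryItem/ValueName" type="mir"/><Content type="string">Shell</Content></IndicatorItem>
        <IndicatorItem id="ws-3" condition="is" negate="true"><Context document="RegistryItem" search="RegistryItem/Text" type="mir"/><Content type="string">explorer.exe</Content></IndicatorItem>
      </Indicator>
      <Indicator operator="AND" id="tools-disabled">
        <IndicatorItem id="td-1" condition="contains"><Context document="RegistryItem" search="RegistryItem/Path" type="mir"/><Content type="string">\Policies\System</Content></IndicatorItem>
        <IndicatorItem id="td-2" condition="matches"><Context document="RegistryItem" search="RegistryItem/ValueName" type="mir"/><Content type="string">^Disable(TaskMgr|RegistryTools)$</Content></IndicatorItem>
        <IndicatorItem id="td-3" condition="is"><Context document="RegistryItem" search="RegistryItem/Text" type="mir"/><Content type="string">1</Content></IndicatorItem>
      </Indicator>
      <Indicator operator="OR" id="bredolab-handle">
        <IndicatorItem id="bh-1" condition="matches"><Context document="ProcessItem" search="ProcessItem/HandleList/Handle/Name" type="mir"/><Content type="string">^_system_[0-9a-f]{7}_$</Content></IndicatorItem>
      </Indicator>
    </Indicator>
  </definition>
</ioc>
"""

# Constructed host snapshots: one dict per host object, fields keyed by the
# OpenIOC search path minus its document prefix; registry data kept as strings.
CLEAN_HOST = [
    {"document": "RegistryItem",
     "Path": r"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon",
     "ValueName": "Shell", "Text": "explorer.exe"},
    {"document": "ProcessItem", "name": "explorer.exe",
     "HandleList/Handle/Name": [r"\BaseNamedObjects\ShellReadyEvent"]},
]
INFECTED_HOST = [
    {"document": "RegistryItem",
     "Path": r"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon",
     "ValueName": "Shell",
     "Text": r"explorer.exe,C:\ProgramData\update\svchost.exe"},   # extra binary appended
    {"document": "RegistryItem",
     "Path": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System",
     "ValueName": "DisableTaskMgr", "Text": "1"},
    {"document": "ProcessItem", "name": "svchost.exe",
     "HandleList/Handle/Name": [r"\Device\HarddiskVolume1", "_system_3fa9c1e_"]},
]


def _item_matches(item, record):
    """Test one IndicatorItem against one host record (case-insensitive)."""
    ctx = item.find(IOC_NS + "Context")
    doc, _, field = ctx.get("search").partition("/")
    if record.get("document") != doc:
        return False            # wrong object type: never a match, negated or not
    values = record.get(field)
    if values is None:
        return False            # attribute not collected: no evidence either way
    if not isinstance(values, list):
        values = [values]       # multi-valued fields (handle lists) match on any entry
    want = item.find(IOC_NS + "Content").text or ""
    cond = item.get("condition")
    if cond == "is":
        hit = any(v.lower() == want.lower() for v in values)
    elif cond == "contains":
        hit = any(want.lower() in v.lower() for v in values)
    elif cond == "matches":
        hit = any(re.search(want, v, re.IGNORECASE) for v in values)
    else:
        raise ValueError(f"unsupported condition {cond!r}")
    return (not hit) if item.get("negate", "false").lower() == "true" else hit


def _node_matches(node, record):
    """Recursively evaluate an Indicator (AND/OR) or IndicatorItem on one record."""
    if node.tag == IOC_NS + "IndicatorItem":
        return _item_matches(node, record)
    children = [c for c in node if c.tag in (IOC_NS + "Indicator", IOC_NS + "IndicatorItem")]
    if not children:
        return False            # an empty AND would otherwise match everything
    combine = all if node.get("operator", "OR").upper() == "AND" else any
    return combine(_node_matches(c, record) for c in children)


def scan(ioc_xml, records):
    """Map each sub-indicator id under the top-level OR to the records it matched."""
    top = ET.fromstring(ioc_xml).find(f"{IOC_NS}definition/{IOC_NS}Indicator")
    hits = {}
    for child in top:
        matched = [r for r in records if _node_matches(child, r)]
        if matched:
            hits[child.get("id")] = matched
    return hits


if __name__ == "__main__":
    for name, host in (("clean", CLEAN_HOST), ("infected", INFECTED_HOST)):
        print(name, sorted(scan(SAMPLE_IOC, host)))
```

Run stand-alone it reports no hits for the clean snapshot and all three sub-indicators for the infected one. The negated "is explorer.exe" term is what turns the WinLogon Shell entry's "should just be explorer.exe" into a detectable deviation; a plain "contains explorer.exe" would miss the common trick of appending a second binary after the legitimate shell.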