Channel: IOC: Forensic Artifacts

Flame, sKyWIper (#2)

Authored By: Zourick Description: Basic host based indicators found in reports. Reports: http://www.crysys.hu/skywiper/skywiper.pdf https://www.securelist.com/en/blog?weblogid=208193538 Indicators: OR...




Autocad_Worm-ACAD/Medre.A

Authored By: Christiaan Beek Description: Based on the blog post written by ESET. Reports: http://blog.eset.com/2012/06/21/acadmedre-a-technical-analysis-2 Indicators: OR    File MD5 is...


Trojan-Bredolab

Authored By: Cedric PERNET Description: IOC to detect a Bredolab malware variant. The process handle name is _system_xxxxxxx_ (where the x's are random hex digits). Indicators: OR    Network String URI contains...


c0d0so0 Trojan

Authored By: RAustin Description: Sample of the c0d0so0 Trojan malware obtained from Malware.lu. This particular malware is capable of recording keystrokes and sending them to a remote command and...


Sykipot/Wyksol Trojan

Authored By: RAustin Description: A variant of the Sykipot/Wyksol Trojan used in recent attacks. This malware was distributed as a drive-by download exploiting CVE-2012-1889. The initial payload...



ZeroAccess/Siref.P

Authored By: @dfirn00b Description: This IOC looks for indicators found in a recent ZeroAccess/Siref variant. Files are located in the user's profile under Local Settings\Application Data\{}\@ or \n, and also...
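The Bredolab and ZeroAccess entries above both reduce to an OpenIOC-style OR tree whose leaves are patterns over host artifacts (a process handle name, file paths). The following is an added example, not code from the IOC: Forensic Artifacts site or from either IOC's author: a small evaluator for such OR/AND trees, run over a constructed host snapshot. The snapshot contents, the GUID, the handle name and the function names are assumptions made for the illustration; the patterns themselves follow only what the two descriptions state.

```python
"""Added example (not from the IOC site or the IOC authors): evaluate OR/AND
indicator trees, as used by the Bredolab and ZeroAccess IOCs, over a host snapshot.
Everything in SNAPSHOT is constructed for illustration."""
import re

# Constructed host snapshot: the kind of data a collector hands to an IOC scanner.
SNAPSHOT = {
    "process_handle_names": [
        r"\BaseNamedObjects\_system_3fa9c1b_",   # Bredolab-style name (constructed)
        r"\BaseNamedObjects\ShimCacheMutex",      # benign name (constructed)
    ],
    "file_paths": [
        r"C:\Documents and Settings\bob\Local Settings\Application Data\{2b1c3d4e-aaaa-bbbb-cccc-1234567890ab}\@",
        r"C:\Documents and Settings\bob\Local Settings\Application Data\{2b1c3d4e-aaaa-bbbb-cccc-1234567890ab}\n",
        r"C:\Documents and Settings\bob\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat",
    ],
}

# Bredolab entry: process handle name _system_xxxxxxx_ where the x's are random hex digits.
BREDOLAB_HANDLE = re.compile(r"(?:^|\\)_system_[0-9a-f]+_$", re.I)

# ZeroAccess entry: <profile>\Local Settings\Application Data\{GUID}\@ or \n.
ZEROACCESS_FILE = re.compile(
    r"\\Local Settings\\Application Data\\\{[0-9a-f-]{36}\}\\(?:@|n)$", re.I)

# Indicator trees: ("OR"|"AND", [children]) or a leaf (snapshot_field, compiled regex).
BREDOLAB = ("OR", [("process_handle_names", BREDOLAB_HANDLE)])
ZEROACCESS = ("OR", [("file_paths", ZEROACCESS_FILE)])


def evaluate(indicator, snapshot):
    """Return the artifacts that satisfy the indicator tree (empty list = no match).

    OR: any child hit makes the node hit and all hits are reported.
    AND: every child must hit, otherwise the node reports nothing.
    Leaf: regex search over every item in the named snapshot field.
    """
    op, arg = indicator
    if op in ("OR", "AND"):
        per_child = [evaluate(child, snapshot) for child in arg]
        if op == "AND" and not all(per_child):
            return []
        return [hit for child_hits in per_child for hit in child_hits]
    return [item for item in snapshot.get(op, []) if arg.search(item)]


def scan(snapshot, rules):
    """Map IOC name -> matched artifacts, omitting IOCs that produced no hits."""
    report = {}
    for name, tree in rules.items():
        hits = evaluate(tree, snapshot)
        if hits:
            report[name] = hits
    return report


if __name__ == "__main__":
    rules = {"Bredolab": BREDOLAB, "ZeroAccess": ZEROACCESS}
    for name, hits in scan(SNAPSHOT, rules).items():
        print(name)
        for hit in hits:
            print("   ", hit)
```

The AND branch matters in practice: an IOC that requires, say, both the `@` file and a matching handle name reports nothing when only one is present, which keeps a single benign coincidence from firing the whole indicator.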


Sysadmin Tools and Security Features Disabled by Malware

Authored By: TomU @c_APT_ure Description: This IOC detects disabled sysadmin tools (task manager, registry editor) presumably by malware. ThreatExpert uses these sentences: “to prevent users from...


Ponmocup DLL Imports

Authored By: TomU @c_APT_ure Description: This IOC detects Kernel32.dll imports commonly used by Ponmocup malware (based on analysis of 5 samples found on VT). Out of 44 imports that all 5 samples had...



Eclipse RAT

Authored By: RAustin @W3nd1g04n6 Description: The Eclipse RAT malware provides remote access to an infected machine. This IOC is based on basic static analysis of numerous identified payloads. Some...



WinLogon Shell Persistence

Authored By: TomU @c_APT_ure Description: This IOC detects malware that abuses the WinLogon Shell as a persistence mechanism at startup. Normally this value should just be "explorer.exe"....
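The two registry-based IOCs above (disabled sysadmin tools, WinLogon Shell persistence) are easy to reproduce offline against a `reg export` of the relevant keys. The following is an added example, not code from the IOC: Forensic Artifacts site or from the IOC author: it parses a constructed .reg export and applies both checks. The user name, the appended executable path and the function names are assumptions; the key paths, the DisableTaskMgr/DisableRegistryTools policy values and the "explorer.exe" default are standard Windows facts, and the Shell check implements exactly the rule the description states (anything other than "explorer.exe" is reported).

```python
"""Added example (not from the IOC site or the IOC author): apply the
"disabled sysadmin tools" and "WinLogon Shell persistence" checks to a
.reg export. SAMPLE_EXPORT is constructed for illustration."""
import re

# Constructed .reg export in the format produced by `reg export`.
SAMPLE_EXPORT = r"""Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableTaskMgr"=dword:00000001
"DisableRegistryTools"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Shell"="explorer.exe,C:\\Users\\bob\\AppData\\Roaming\\wupdate.exe"
"Userinit"="C:\\Windows\\system32\\userinit.exe,"
"""

# Policy keys that carry the tool-disabling values (per-user and machine-wide).
POLICY_KEYS = (
    r"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System",
    r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System",
)
DISABLE_VALUES = ("DisableTaskMgr", "DisableRegistryTools")

# Winlogon keys whose Shell value launches the user's shell at logon.
WINLOGON_KEYS = (
    r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon",
    r"HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Winlogon",
)


def parse_reg_export(text):
    """Parse a .reg export into {key_path: {value_name: value}}.

    Handles the two value types the checks need: dword (returned as int) and
    quoted strings (with .reg escaping of backslashes and quotes undone).
    Any other type is kept as its raw text.
    """
    keys, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("Windows Registry Editor"):
            continue
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1]
            keys.setdefault(current, {})
            continue
        if current is None or "=" not in line:
            continue
        name, _, value = line.partition("=")
        name = "(Default)" if name == "@" else name.strip('"')
        if value.startswith("dword:"):
            value = int(value[len("dword:"):], 16)
        elif len(value) >= 2 and value.startswith('"') and value.endswith('"'):
            value = re.sub(r"\\(.)", r"\1", value[1:-1])  # \\ -> \ and \" -> "
        keys[current][name] = value
    return keys


def disabled_sysadmin_tools(reg):
    """Return (key, value_name) for every policy value that is set to 1."""
    found = []
    for key in POLICY_KEYS:
        values = reg.get(key, {})
        found.extend((key, name) for name in DISABLE_VALUES if values.get(name) == 1)
    return found


def winlogon_shell_findings(reg):
    """Return (key, shell_value) wherever Shell is present and is not plain explorer.exe.

    A trailing ",<path>" is the usual abuse: Winlogon launches every entry in
    the comma-separated list, so the appended program starts with the shell.
    """
    findings = []
    for key in WINLOGON_KEYS:
        shell = reg.get(key, {}).get("Shell")
        if shell is not None and shell.strip().lower() != "explorer.exe":
            findings.append((key, shell))
    return findings


if __name__ == "__main__":
    reg = parse_reg_export(SAMPLE_EXPORT)
    for key, name in disabled_sysadmin_tools(reg):
        print("disabled tool policy:", key, name)
    for key, shell in winlogon_shell_findings(reg):
        print("non-default Shell:", key, "=", shell)
```

To get a real export for the checks, run `reg export "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon" winlogon.reg` (and the same for the other three keys) on the host, or extract the hives offline; the parser only understands the dword and string forms shown above, which is all these two IOCs need.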
