rukov

HackingTeam Malware Detection


Is your computer infected by some of the HackingTeam tools? You can find out now!

Rook Security released their tool called Milano, which they are sharing freely; it scans for the presence of files associated with the recent Hacking Team breach. For this first iteration of the tool, they conducted analysis on 93 Windows binaries released from the Hacked Team breach. These files were specific to the projects found on the Hacked Team git projects.

They are continuing to review the remaining files from the 400Gb and will provide more .ioc files as more information is available.

Milano can scan to find Hacking Team associated files in two different ways:

Quick scan: This mode scans for files by filename. If a filename matches, it then checks if the file's computed hash matches the hash from the Hacking-Team-associated file. This approach is not comprehensive, but it is an OK starting point for detection. It is much faster than the deep scan approach.

Deep scan: This approach checks all files (via their computed hash) against all md5s from Hacking-Team-associated files.

You can grab the tool there, unpack and run (opens shell):

https://www.rooksecurity.com/wp-content/uploads/2015/07/Package_1.1.zip

For possible future updates, check there:

https://www.rooksecurity.com/hacking-team-malware-detection-utility/
