Monday, 30 March 2015
Monday, 23 March 2015
Poseidon POS Malware
C&C IP Addresses
151.236.11.167
185.13.32.132
185.13.32.48
31.184.192.196
91.220.131.116
91.220.131.87
Wednesday, 4 March 2015
PwnPOS Yara Rule
rule PoS_Malware_PwnPOS : PwnPOS
{
    meta:
        author = "Trend Micro, Inc."
        date = "2015-02-25"
        description = "Used to detect PwnPOS RAM Scraper"
        sample_filetype = "exe"
    strings:
        // format-string fragment found in the scraper binary
        $string0 = "\\$l9D$d"
        // PDB path left in by the build
        $string1 = "c:\\r1\\Release\\r1.pdb"
        $string2 = "CMicrosoft Visual C++ Runtime Library" wide
        // message emitted by the service-installer component
        $string3 = "StartServiceCtrlDispatcher(): service already running."
        $string4 = "DebugConsole.log"
    condition:
        // the condition clause did not survive on this page; "all of them"
        // is assumed here so that the rule compiles
        all of them
}
Monday, 2 March 2015
RAMNIT YARA Rules
1 - ramnit_cookie_module
rule ramnit_cookie_module
{
    meta:
        tags = "Ramnit"
    strings:
        // NUL-separated browser cookie-store paths targeted by the cookie-grabber module
        $cookie1 = "IE Cookies\x00FireFox Cookies\\Profile %d\\cookies.txt\x00"
        $cookie2 = "Chrome\\Cookies\x00Chrome\\Extension Cookies\x00Opera\\Profile %d\\cookies4.dat\x00"
    condition:
        any of them
}