
HackingTeam malware detection

trodas

Well-known member
Joined
Feb 3, 2008
Messages
394
Location
Czech republic
Is your computer infected by some of the HackingTeam tools? You can find out now!



Rook Security released their tool called Milano, which they are sharing freely. It scans for the presence of files associated with the recent Hacking Team breach. For this first iteration of the tool, they conducted analysis on 93 Windows binaries released from the Hacked Team breach. These files were specific to the projects found on the Hacked Team git projects.

They are continuing to review the remaining files from the 400Gb and will provide more .ioc files as more information is available.

Milano can scan to find Hacking Team associated files in two different ways:

Quick scan: This mode scans for files by filename. If a filename matches, it then checks if the file's computed hash matches the hash from the Hacking-Team-associated file. This approach is not comprehensive, but it is an OK starting point for detection. It is much faster than the deep scan approach.

Deep scan: This approach checks all files (via their computed hash) against all md5s from Hacking-Team-associated files.

You can grab the tool there, unpack and run (opens shell):
https://www.rooksecurity.com/wp-content/uploads/2015/07/Package_1.1.zip

For possible future updates, check there:
https://www.rooksecurity.com/hacking-team-malware-detection-utility/
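
The two scan modes described in the post above, as an added example that is not part of the original post and is not Milano's own code. The indicator layout (a filename-to-MD5 mapping), the function names and the sample files are all assumptions constructed for illustration.

```python
import hashlib
import os
import tempfile

def md5_of(path, chunk=1 << 20):
    """Return the hex MD5 of a file, read in chunks so large files are not loaded whole."""
    h = hashlib.md5()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()

def scan(root, iocs, deep=False):
    """Return sorted paths under root that match iocs (hypothetical {filename: md5} map)."""
    by_name = {n.lower(): h.lower() for n, h in iocs.items()}
    all_hashes = set(by_name.values())
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            # Quick scan: skip (and never hash) files whose name is not an indicator.
            if not deep and name.lower() not in by_name:
                continue
            path = os.path.join(dirpath, name)
            try:
                digest = md5_of(path)
            except OSError:
                continue  # unreadable or locked file: skip rather than abort the scan
            # Deep scan compares against every known hash; quick only the one for this name.
            expected = all_hashes if deep else {by_name[name.lower()]}
            if digest in expected:
                hits.append(path)
    return sorted(hits)

def demo():
    """Run both modes over a constructed directory; returns (quick_hits, deep_hits)."""
    payload = b"constructed sample bytes, not a real indicator"
    iocs = {"agent.exe": hashlib.md5(payload).hexdigest()}  # constructed indicator
    with tempfile.TemporaryDirectory() as root:
        for name, data in (("agent.exe", payload), ("renamed.bin", payload), ("notes.txt", b"benign")):
            with open(os.path.join(root, name), "wb") as f:
                f.write(data)
        quick = [os.path.basename(p) for p in scan(root, iocs)]
        deep = [os.path.basename(p) for p in scan(root, iocs, deep=True)]
    return quick, deep

if __name__ == "__main__":
    print(demo())
```

The copy saved as `renamed.bin` is found only by the deep scan, which is the coverage gap the post refers to when it calls the quick scan "not comprehensive".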
 

sswilson

Moderator
Staff member
Joined
Dec 9, 2006
Messages
17,897
Location
Moncton NB
I'm always leery of any security software not released by a well known source (or at least vetted by a well known source).
 

FreeKnight

Well-known member
Joined
Jul 8, 2009
Messages
2,037
Location
Edmonton, AB
I'm always leery of any security software not released by a well known source (or at least vetted by a well known source).
Agreed. I'll stick with Malwarebytes, MSE and Avast or AVG as necessary. There's enough false 'spyware detectors' out there that I don't chance it.
 

Lysrin

Well-known member
Joined
Mar 10, 2014
Messages
3,141
Location
Nova Scotia
Yeah. Not intending to cast any aspersions on trodas, but that whole post gave me the heebie-jeebies! Could be legit, but I wasn't downloading.
 
