New Hacking Team IOC’s Released
Our analysis of the Hacking Team files continues.
The 1.0.1 release of Milano contains a new set of IOCs based on 312 malicious or weaponizable file hashes. Download here: OpenIOC v1.0 and OpenIOC v1.1 (the version number refers to the OpenIOC format, not to the IOC set). The updated IOCs have also been bundled with the latest version of Milano. These updates include the original 40 malicious file IOCs from our initial release.
It is not necessary to download both Milano and the IOC files. We provide both so that users can apply this information with any tool in their arsenal. Both Milano and the IOC files can be obtained through the links below.
Up to this point we have focused our efforts on Windows executable and DLL files. We have completed analysis of over 800 Windows EXE and DLL files, resulting in 312 executables tagged either as malicious or as usable in support of espionageware.
Our analysis continues and is now focused on Linux- and OS X-specific files. We have identified 126 Linux-specific files so far. As we complete the analysis of these files we will release new IOC files, so please check back here on our blog for more information.
In parallel with the analysis, our developers are also working to add enhancements to Milano. Some of the features that will be introduced in the near future for this product are:
- Auto OS (operating system) detection
- Auto IOC update
- OpenIOC formatted files as an input
Once released, these features will let Milano run as a script that identifies which operating system it is running on and searches for the OS-specific IOCs. The auto-update feature will refresh the set of IOCs it hunts for every time it executes, so future IOC updates are applied automatically on each run of Milano.
We have also received feedback from several users that has led to several updates, including a fix for the Package.zip file being flagged as malware by several AV vendors, and the provision of both OpenIOC 1.0 and 1.1 formats. We appreciate your feedback, so please keep the suggestions coming!
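The OpenIOC input and hash hunting described above, as an added example that is not Milano's own code: it pulls MD5/SHA1/SHA256 file indicators out of an OpenIOC 1.0 or 1.1 document (the two versions differ in root element and namespace, so the parser ignores namespaces) and hashes every file under a directory against them. The sample IOC document and file names are constructed, and the one digest in it is md5("abc"), not a real Hacking Team indicator.

```python
# Added example, not Milano's code: the sample IOC below is constructed.
import hashlib
import os
import xml.etree.ElementTree as ET
# OpenIOC FileItem search terms that carry a hash, mapped to hashlib names.
HASH_TERMS = {"Md5sum": "md5", "Sha1sum": "sha1", "Sha256sum": "sha256"}

# Constructed OpenIOC 1.1 document; the digest is md5 of the 3-byte string "abc".
SAMPLE_IOC = """<OpenIOC xmlns="http://openioc.org/schemas/OpenIOC_1.1" id="constructed-0001">
  <criteria><Indicator operator="OR">
    <IndicatorItem condition="is">
      <Context document="FileItem" search="FileItem/Md5sum"/>
      <Content type="md5">900150983CD24FB0D6963F7D28E17F72</Content>
    </IndicatorItem>
  </Indicator></criteria>
</OpenIOC>"""

def local(tag):  # strip the XML namespace so 1.0 and 1.1 documents parse alike
    return tag.rsplit("}", 1)[-1]

def load_hash_indicators(ioc_xml):
    """Return {algo: set(lowercase hex digests)} from an OpenIOC 1.0/1.1 string."""
    found = {algo: set() for algo in HASH_TERMS.values()}
    for item in ET.fromstring(ioc_xml).iter():
        if local(item.tag) != "IndicatorItem":
            continue
        ctx = next((c.get("search", "") for c in item if local(c.tag) == "Context"), "")
        val = next(((c.text or "").strip().lower() for c in item if local(c.tag) == "Content"), "")
        term = ctx.rsplit("/", 1)[-1]  # "FileItem/Md5sum" -> "Md5sum"
        if term in HASH_TERMS and val:
            found[HASH_TERMS[term]].add(val)
    return found

def file_digest(path, algo):
    # Hash in chunks so large binaries do not have to fit in memory.
    h = hashlib.new(algo)
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 16), b""):
            h.update(chunk)
    return h.hexdigest()

def scan(directory, indicators):
    """Return sorted (relative path, algo, digest) for files matching an indicator."""
    hits = []
    for dirpath, _, names in os.walk(directory):
        for path in (os.path.join(dirpath, n) for n in names):
            for algo, hashes in indicators.items():
                # Only compute a digest for algorithms the IOC set actually uses.
                if hashes and (d := file_digest(path, algo)) in hashes:
                    hits.append((os.path.relpath(path, directory), algo, d))
    return sorted(hits)
```

Matching is by exact digest only, so a recompiled or trivially modified binary will not hit; treat a clean result as "no known hash present", not as a clean host.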
Downloads