RookLabs: outil d'analyse Milano

Questions autour de la sécurité en général.
Pour les désinfections, merci de vous rendre dans la partie Windows --> Virus : Aide Malwares
Avatar de l’utilisateur
angelique
Geek à longue barbe
Geek à longue barbe
Messages : 28821
Inscription : 28 févr. 2008 14:58
Localisation : Breizhilienne à l' 0u3st
Contact :

RookLabs: outil d'analyse Milano

Message par angelique » 23 juil. 2015 20:05

Le 5 juillet 2015 dernier, l'entreprise italienne Hacking Team, spécialisée dans la commercialisation de logiciels d'espionnage et d'outils de piratage informatique a été elle-même... piratée.

Plus de 400 gigaoctets de données informatiques ont été dérobées. Les secrets de correspondance de la société Hacking Team et procédés techniques ont eté diffusés sur le Word Wide Web par les attaquants. Rapidement, les vulnérabilités qu'exploitaient la société italienne ont été implémentées dans des programmes malveillants et utilisées par d'autres attaquants.

La société Rook Security, spécialisée dans la sécurité informatique, s'est amusée à analyser tous les projets contenus dans les 400 GB de données et a mis au point à partir des signatures MD5 de tous ces malwares, un outil d'analyse baptisé Milano. L'outil ne fait pas la suppression des fichiers, uniquement de la détection.

En test sur du réel, ça donne quoi ?

angel@debian:~/Documents/gnu/milano-master$ ls
build_win32.py ChangeLog.txt GPL.md ioc_data.csv last_scan_results.txt LEGAL.txt lib logo.txt milano.cfg milano.py openioc README.md version.txt

angel@debian:~/Documents/gnu/milano-master$ python milano.py

Code : Tout sélectionner

===============================================================================
       _____ ______   ___  ___       ________  ________   ________
      |\   _ \  _   \|\  \|\  \     |\   __  \|\   ___  \|\   __  \
      \ \  \\\__\ \  \ \  \ \  \    \ \  \|\  \ \  \\ \  \ \  \|\  \
       \ \  \\|__| \  \ \  \ \  \    \ \   __  \ \  \\ \  \ \  \\\  \
        \ \  \    \ \  \ \  \ \  \____\ \  \ \  \ \  \\ \  \ \  \\\  \
         \ \__\    \ \__\ \__\ \_______\ \__\ \__\ \__\\ \__\ \_______\
          \|__|     \|__|\|__|\|_______|\|__|\|__|\|__| \|__|\|_______|

                                Version 1.0.1

                           Powered by Rook Security
===============================================================================

Code : Tout sélectionner

Copyright 2015 Rook Security, LLC. All rights reserved.

Press enter to continue...

LIMITATIONS OF LIABILITY AND INDEMNIFICATION

    Rook owns the rights, title and interest in all patents, copyrights,
    trade- secrets, trademarks in Milano software (the "Software"). By
    downloading this software, you will obtain a limited, revocable
    license to use the Software. The Software is and shall remain the sole
    and exclusive property of Rook, and Rook may make any use of the
    Software. Nothing herein shall be construed as granting You any
    license or other right except for those rights expressly granted. You
    shall not modify, reverse engineer, decompile, disassemble, copy or
    otherwise reproduce the Software or permit or induce any third party
    to do the same.

    You shall indemnify, defend, and hold harmless Rook and its officers,
    directors, shareholders, employees, representatives, agents, and
    affiliates from all claims, demands, liabilities, losses, damages,
    judgments or settlements, including all reasonable costs and expenses
    related thereto including attorney's fees and court costs, directly or
    indirectly resulting from any claim, proceeding, demand, expense, and
    liability of any kind whatsoever resulting from the use, manufacture,
    sale, lease, consumption, or advertisement of the Software; any
    material breach of the terms, conditions, or provisions of this
    Agreement. This Agreement shall be construed in accordance with, and
    governed in all respects by Indiana law, without regard to conflicts
    of law principles.

LIMITATIONS ON WARRANTIES, LIMIT OF LIABILITY

    ROOK MAKES NO REPRESENTATIONS, EXTENDS NO WARRANTIES OF ANY KIND,
    EITHER EXPRESS OR IMPLIED, INCLUDING WITHOUT LIMITATION,
    MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, QUALITY, QUIET
    ENJOYMENT, ACCURACY, COURSE OF DEALING, USAGE OR TRADE AND ROOK
    ASSUMES NO RESPONSIBILITY WHATSOEVER WITH RESPECT TO USE, OR THE RIGHT
    TO PRODUCE PRODUCTS MADE BY THE USE OF THE SOFTWARE UNDER THIS
    AGREEMENT. IN NO EVENT SHALL ROOK BE LIABLE TO YOU FOR ANY INDIRECT,
    PUNITIVE, SPECIAL OR CONSEQUENTIAL DAMAGES ARISING OUT OF OR IN
    CONNECTION WITH THIS AGREEMENT OR YOU DOWNLOAD, INSTALLATION AND/OR
    USE OF THE SOFTWARE, EVEN IF THE REMEDIES SET FORTH IN THIS AGREEMENT
    FAIL OF THEIR ESSENTIAL PURPOSE.

LIMITATIONS OF SOFTWARE SERVICES

    This software is provided as-is.

    This software is designed to detect signatures for indicators of
    compromise ("IOCs") specifically to indicate systems compromised by
    Hacking Team exploits. Rook Security's intelligence team conducted
    extensive analysis on the IOCs provided in this release. The Rook team
    conducted both dynamic and static analysis on the files included in
    the 51 Github projects released under the "Hacked Team" moniker.
    During post-analysis, the Rook team compared hashes of the identified
    potentially malicious files against a number of antivirus vendors and
    industry standard whitelists. None of the hashes identified in this
    release were found in the whitelists searched.

    This release is limited to detection within the filesystem only.
    Registry, network, and other indicators will not be evaluated.

    The application is limited to the signatures identified by Rook
    Security at time of this release. The dynamic nature of filesystems
    limits the files that may be scanned. Some malware may attempt
    filesystem modification. Some malware may attempt rootkits that hide
    detection from scanners. This software will not attempt to uncover
    these hidden files.

    This software will not attempt to remediate detected files.
    Compromised systems may contain remnants of the attack, such as
    registry entries. Attacks may use trojans or other methods to
    compromise other components of the system that will not be detected.

Quick scan or deep scan (NOTE: quick scan is fast but incomprehensive)? [Q/d] d
Would you like to use the default path for Linux of '/'?  [Y/n]  y

Commencing scan...

Checking path: /initrd.img
   File clean
Checking path: /vmlinuz
   File clean
etc...............................


Avec Gnu_Linux t'as un Noyau ... avec Ѡindows t'as que les pépins
http://angelik.altervista.org/
Supprimer les "virus" gratuitement http://www.supprimer-trojan.com/
Ne soyez pas Rat!Je fais parti des millions de pauvres en France
Image
https://lilymarguerite.wixsite.com/lilymarguerite


Répondre

Revenir vers « Securite informatique »