Yara rules for leaked KINS toolkit
Posted on 11.10.2013
Just a few days ago, the source code of the famous KINS banking Trojan was leaked.

KINS aims to infect as much computers as possible in order to steal credit cards, bank account credentials and related information from victims. Seen as a replacement to Citadel, it was identified in the wild not long ago. Now, this leak can lead to new variants and malware families.

In this toolkit we can find all the source code and compiled versions of the different components, as well as the web panel to manage a botnet. XyliBox made a good analysis of the package.

After study the components, we have written two Yara rules to match the dropper and the zeus version used as bot. Yara is a tool aimed at helping malware researchers to identify and classify malware samples.

You can find and freely use them in our GitHub repository.


Author: Alberto Ortega, Research Engineer at AlienVault.





Spotlight

The synergy of hackers and tools at the Black Hat Arsenal

Posted on 27 August 2014.  |  Tucked away from the glamour of the vendor booths and the large presentation rooms filled with rockstar sessions, was the Arsenal - a place where developers were able to present their security tools and grow their community.


Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.
  



Daily digest

Receive a daily digest of the latest security news.
  

DON'T
MISS

Mon, Sep 1st
    COPYRIGHT 1998-2014 BY HELP NET SECURITY.   // READ OUR PRIVACY POLICY // ABOUT US // ADVERTISE //