As usual…a week or more late…
Post Update 2015-07-31: New tool version: Milano 1.1.0 Release with Linux and Mac OSx IOC's Now Included - Rook Security
Anyway, Rook Security spent some time analyzing the data dump from Hacking Team and in the process has found some indicators of compromise (IOCs) of a Hacking Team presence on a system.
Basically you can download their free/open-source tool which does a quick or full scan of a system and compares the files against known IOC hashes.
Downloads - Rook Security. Currently, look for the “Milano 1.0.1: Hacking Team Malware Detection Utility” link. There is also an MSI version for enterprise deployment.
Then it’s up to your leet skills to figure out if these are false positives or not.
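A minimal sketch of the hash-comparison approach described above, added here as an illustration; it is not Milano's code or Rook Security's. It assumes SHA-256 (the post does not say which hash the IOC list uses), and the function names and the sample "IOC" are constructed for the example.

```python
import hashlib
import os
import tempfile


def sha256_file(path, chunk_size=1 << 20):
    """Hex SHA-256 of a file read in 1 MiB pieces, or None if unreadable."""
    digest = hashlib.sha256()
    try:
        with open(path, "rb") as handle:
            for chunk in iter(lambda: handle.read(chunk_size), b""):
                digest.update(chunk)
    except OSError:
        return None  # locked, permission denied, or removed mid-scan
    return digest.hexdigest()


def scan(root, ioc_hashes):
    """Walk root and return (hits, unreadable) as sorted lists of paths."""
    wanted = {h.strip().lower() for h in ioc_hashes}  # IOC lists vary in case
    hits, unreadable = [], []
    for folder, _dirs, files in os.walk(root):  # does not follow symlinked dirs
        for name in files:
            path = os.path.join(folder, name)
            if os.path.islink(path) or not os.path.isfile(path):
                continue  # skip links and special files
            value = sha256_file(path)
            if value is None:
                unreadable.append(path)  # not checked, so report it
            elif value in wanted:
                hits.append(path)
    return sorted(hits), sorted(unreadable)


def demo():
    """Build a constructed sample tree and scan it against one made-up hash."""
    sample = b"constructed sample payload, not a real IOC"
    iocs = [hashlib.sha256(sample).hexdigest().upper()]
    with tempfile.TemporaryDirectory() as root:
        os.mkdir(os.path.join(root, "sub"))
        for rel, data in (("clean.txt", b"hello"), ("sub/agent.bin", sample)):
            with open(os.path.join(root, rel), "wb") as handle:
                handle.write(data)
        hits, unreadable = scan(root, iocs)
        return [os.path.relpath(p, root) for p in hits], unreadable


if __name__ == "__main__":
    print(demo())
```

A hash match is exact, so a clean result only covers the file versions on the IOC list, and files reported as unreadable were not checked at all.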
I’ve run their tool against both my systems. The quick scan is very fast. The full scan took a nighttime to complete on my traditional HDD system but it ran very fast across my SSD drive system. In all cases my systems came back clean.
It’s a portable app so no excuse not to include it in your USB carry-stick toolkit.
You may want to keep an eye on their tool for updates. At least one update has been released. It is also unknown if other security vendors are adding the IOC/hashes to their own detection engines.
More info here:
- New Hacking Team IOC's Released - Rook Security
- Milano: Hacking Team Malware Detection Utility - Rook Security
- Source Code for Milano v1.0.1 Available on GitHub - Rook Security
- Check your computer for Hacking Team malware with these essential security tools - BetaNews
- A new, free download that can hunt for the firm's exploits - Readwrite
- Find out if your Windows PC is infected with Hacking Team malware - gHacks Tech News
- Free tools for detecting Hacking Team malware in your systems - Help Net Security