API tools faq
paste
bartblaze

Monero_Compromise

bartblaze
Nov 19th, 2019
489
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
text 0.74 KB | None | 0 0
raw download clone embed print report
  1. rule Monero_Compromise
  2. {
  3. meta:
  4. description = "Identifies compromised Monero binaries."
  5. author = "@bartblaze"
  6. date = "2019-11"
  7. tlp = "White"
  8. reference = "https://bartblaze.blogspot.com/2019/11/monero-project-compromised.html"
  9.  
  10. strings:
  11. $ = "ZN10cryptonote13simple_wallet9send_seedERKN4epee15wipeable_stringE" ascii wide
  12. $ = "ZN10cryptonote13simple_wallet10send_to_ccENSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEES6_i" ascii wide
  13. $ = "ZN10cryptonote13simple_wallet9send_seedERKN4epee15wipeable_stringE" ascii wide
  14. $ = "ZN10cryptonote13simple_wallet10send_to_ccENSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEES6_i" ascii wide
  15. $ = "node.xmrsupport.co" ascii wide
  16. $ = "node.hashmonero.com" ascii wide
  17.  
  18. condition:
  19. any of them
  20. }
Add Comment
Please, Sign In to add comment
Public Pastes
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!