@bartblaze
Last active January 8, 2020 21:14
rule Monero_Compromise
{
    meta:
        description = "Identifies compromised Monero binaries."
        author = "@bartblaze"
        date = "2019-11"
        tlp = "White"
        reference = "https://bartblaze.blogspot.com/2019/11/monero-project-compromised.html"

    strings:
        // Mangled C++ symbol names: cryptonote::simple_wallet::send_seed
        // and cryptonote::simple_wallet::send_to_cc
        $ = "ZN10cryptonote13simple_wallet9send_seedERKN4epee15wipeable_stringE" ascii wide
        $ = "ZN10cryptonote13simple_wallet10send_to_ccENSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEES6_i" ascii wide
        // Hostnames
        $ = "node.xmrsupport.co" ascii wide
        $ = "node.hashmonero.com" ascii wide

    condition:
        // A single matching string is enough to flag the file
        any of them
}
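
An added example, not part of the original gist: a pure-Python emulation of the rule's `ascii wide` string matching and `any of them` condition, for triaging a file on a host where YARA is not installed. The indicator strings are copied from the rule; the function names and the sample buffers are constructed for illustration.

```python
# Indicator strings copied verbatim from the rule above.
INDICATORS = [
    "ZN10cryptonote13simple_wallet9send_seedERKN4epee15wipeable_stringE",
    "ZN10cryptonote13simple_wallet10send_to_ccENSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEES6_i",
    "node.xmrsupport.co",
    "node.hashmonero.com",
]

def patterns(text):
    """Yield (label, bytes) pairs for YARA's `ascii` and `wide` modifiers."""
    yield "ascii", text.encode("ascii")
    # `wide` interleaves every character with a zero byte, which for
    # ASCII-only text is exactly its UTF-16LE encoding.
    yield "wide", text.encode("utf-16-le")

def scan_bytes(data):
    """Return (indicator, encoding, offset) for every occurrence in data."""
    hits = []
    for text in INDICATORS:
        for label, needle in patterns(text):
            start = data.find(needle)
            while start != -1:
                hits.append((text, label, start))
                start = data.find(needle, start + 1)
    return hits

def rule_matches(data):
    """Condition `any of them`: one hit on any string flags the buffer."""
    return bool(scan_bytes(data))

def scan_file(path):
    """Scan a file on disk (hypothetical helper; reads the whole file)."""
    with open(path, "rb") as fh:
        return scan_bytes(fh.read())

# Constructed sample buffers, not real binaries.
SAMPLE_ASCII = (b"\x7fELF" + b"\x00" * 8 +
    b"_ZN10cryptonote13simple_wallet9send_seedERKN4epee15wipeable_stringE\x00")
SAMPLE_WIDE = b"MZ\x90\x00" + "node.hashmonero.com".encode("utf-16-le")
# Constructed symbol sharing only the namespace/class prefix with the rule.
SAMPLE_CLEAN = b"\x7fELF_ZN10cryptonote13simple_wallet4initEv\x00"

if __name__ == "__main__":
    for name, buf in [("ascii", SAMPLE_ASCII), ("wide", SAMPLE_WIDE),
                      ("clean", SAMPLE_CLEAN)]:
        print(name, rule_matches(buf), scan_bytes(buf))
```

The reported offset and encoding show which string fired, which the bare `any of them` verdict does not.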