rule Monero_Compromise
{
    meta:
        description = "Identifies compromised Monero binaries."
        author = "@bartblaze"
        date = "2019-11"
        tlp = "White"
        reference = "https://bartblaze.blogspot.com/2019/11/monero-project-compromised.html"

    strings:
        // Mangled C++ symbol names: the send_seed and send_to_cc members of cryptonote::simple_wallet
        $ = "ZN10cryptonote13simple_wallet9send_seedERKN4epee15wipeable_stringE" ascii wide
        $ = "ZN10cryptonote13simple_wallet10send_to_ccENSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEES6_i" ascii wide
        // Hostnames embedded in the binaries
        $ = "node.xmrsupport.co" ascii wide
        $ = "node.hashmonero.com" ascii wide

    condition:
        // A single matching string is enough to flag the file
        any of them
}