HackingTeam malware detection

Discussion in 'Internet & Networking' started by trodas, Jul 28, 2015.

  1. trodas

    trodas Newbie

    Is your computer infected by some of the HackingTeam tools? You can find out now!

    Rook Security released a tool called Milano, which they are sharing freely. It scans for the presence of files associated with the recent Hacking Team breach. For this first iteration of the tool, they conducted analysis on 93 Windows binaries released from the Hacked Team breach. These files were specific to the projects found on the Hacked Team git projects.

    They are continuing to review the remaining files from the 400Gb and will provide more .ioc files as more information is available.

    Milano can scan to find Hacking Team associated files in two different ways:

    Quick scan: This mode scans for files by filename. If a filename matches, it then checks if the file’s computed hash matches the hash from the Hacking-Team-associated file. This approach is not comprehensive, but it is an OK starting point for detection. It is much faster than the deep scan approach.

    Deep scan: This approach checks all files (via their computed hash) against all md5s from Hacking-Team-associated files.

    You can grab the tool here, unpack it and run it (it opens a shell):
    https://www.rooksecurity.com/wp-content/uploads/2015/07/Package_1.1.zip

    For possible future updates, check here:
    https://www.rooksecurity.com/hacking-team-malware-detection-utility/
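
The quick-scan and deep-scan modes described in the post above, sketched as an added example (this is not Rook Security's Milano code and not part of the original post). The indicator layout (filename mapped to MD5), the function names and the file names are assumptions, and the sample files are constructed harmless bytes.

```python
import hashlib
import os
import tempfile

def md5_of(path, chunk=1 << 20):
    """MD5 of a file, read in chunks so large files do not fill memory."""
    h = hashlib.md5()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()

def walk_files(root):
    """Yield (filename, full path) for every file below root."""
    for dirpath, _dirs, names in os.walk(root):
        for name in names:
            yield name, os.path.join(dirpath, name)

def quick_scan(root, iocs):
    """Hash only files whose name is in iocs ({lowercase filename: md5})."""
    hits = []
    for name, path in walk_files(root):
        expected = iocs.get(name.lower())
        if expected and md5_of(path) == expected:
            hits.append(path)
    return sorted(hits)

def deep_scan(root, iocs):
    """Hash every file and compare against all known MD5s, ignoring names."""
    known = set(iocs.values())
    return sorted(p for _n, p in walk_files(root) if md5_of(p) in known)

def demo():
    """Constructed sample tree; returns (quick hits, deep hits) as basenames."""
    flagged = b"constructed sample content, not a real binary"
    iocs = {"agent.exe": hashlib.md5(flagged).hexdigest()}  # hypothetical indicator
    files = {"agent.exe": flagged,                 # name and hash both match
             "renamed.dat": flagged,               # same bytes under another name
             os.path.join("other", "agent.exe"): b"benign",  # name only
             "notes.txt": b"benign"}
    with tempfile.TemporaryDirectory() as root:
        for rel, data in files.items():
            path = os.path.join(root, rel)
            os.makedirs(os.path.dirname(path), exist_ok=True)
            with open(path, "wb") as f:
                f.write(data)
        quick = [os.path.basename(p) for p in quick_scan(root, iocs)]
        deep = [os.path.basename(p) for p in deep_scan(root, iocs)]
    return quick, deep

if __name__ == "__main__":
    print(demo())
```

The renamed copy is the case the post calls "not comprehensive": the quick scan never hashes it, while the deep scan finds it at the cost of hashing every file.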
     
  2. Adrian Wong

    Adrian Wong Da Boss Staff Member

    Thanks for the heads-up! :thumb:
     
