The AlienVault Blogs
Taking On Today’s Threats
October 10, 2013

Yara rules for leaked KINS toolkit

Just a few days ago, the source code of the famous KINS banking trojan was leaked.

KINS is a professional-grade banking trojan, destinated to infect as much computers as possible in order to steal credit cards, bank account credentials and related information from victims. Seen as a replacement to Citadel, it was identified in the wild not long ago. Now, this leak can lead to new variants and malware families.

In this toolkit we can find all the source code and compiled versions of the different components, as well as the web panel to manage a botnet. XyliBox made a good analysis of the package.

After study the components, we have written two yara rules to match the dropper and the zeus version used as bot. You can find and freely use them in our github repository.

‹ BACK TO ALL BLOGS

Get the latest
security news in
your inbox.

Subscribe via Email

Labs Research
Security Essentials
All Blogs

Gartner MQ

Featured Content

Chat