|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
From: Megumi Yanagishita (megumi1990
gmail.com)
Date: Wed Oct 28 2009 - 15:14:00 CDT
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Hi all,
we've developed a Wireshark plugin that will allow you to view
obfuscated pcaps of traffic from a Mariposa infected client and actually
decrypt them within Wireshark. The software is available to all as open
source software under the GNU GPL license. We hope that it helps in
doing further investigation and research into the Mariposa botnet.
Special thanks to Defence Intelligence for their analysis on Mariposa.
Attached please find the source code. You can get more information for
this tools on our blog at
http://www.paloaltonetworks.com/researchcenter/2009/10/mariposa-tool/<wlmailhtml:{1845F4BF-B103-4779-952B-DF9657F3740F}mid://00000002/!x-usc:http://www.paloaltonetworks.com/researchcenter/2009/10/mariposa-tool/>
You can also get the source code and a Windows DLL from the google code
at http://code.google.com/p/botnetdecoding/<wlmailhtml:{1845F4BF-B103-4779-952B-DF9657F3740F}mid://00000002/!x-usc:http://code.google.com/p/botnetdecoding/>
.
Thanks,
M.Yanagishita
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
- application/octet-stream attachment: packet-mariposa.c
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]