Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email email@example.com
From: Megumi Yanagishita (megumi1990gmail.com)
Date: Wed Oct 28 2009 - 15:14:00 CDT
we've developed a Wireshark plugin that will allow you to view
obfuscated pcaps of traffic from a Mariposa infected client and actually
decrypt them within Wireshark. The software is available to all as open
source software under the GNU GPL license. We hope that it helps in
doing further investigation and research into the Mariposa botnet.
Special thanks to Defence Intelligence for their analysis on Mariposa.
Attached please find the source code. You can get more information for
this tools on our blog at
You can also get the source code and a Windows DLL from the google code
Full-Disclosure - We believe in it.
Hosted and sponsored by Secunia - http://secunia.com/
- application/octet-stream attachment: packet-mariposa.c