| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <4fd563920910281314l34ad85fal169744845e8f8053@mail.gmail.com>
Date: Thu, 29 Oct 2009 04:14:00 +0800
From: Megumi Yanagishita <megumi1990@...il.com>
To: full-disclosure@...ts.grok.org.uk
Subject: Mariposa Botnet C&C decryption plugin for
wireshark
Hi all,
we've developed a Wireshark plugin that will allow you to view
obfuscated pcaps of traffic from a Mariposa infected client and actually
decrypt them within Wireshark. The software is available to all as open
source software under the GNU GPL license. We hope that it helps in
doing further investigation and research into the Mariposa botnet.
Special thanks to Defence Intelligence for their analysis on Mariposa.
Attached please find the source code. You can get more information for
this tools on our blog at
http://www.paloaltonetworks.com/researchcenter/2009/10/mariposa-tool/<wlmailhtml:{1845F4BF-B103-4779-952B-DF9657F3740F}mid://00000002/!x-usc:http://www.paloaltonetworks.com/researchcenter/2009/10/mariposa-tool/>
You can also get the source code and a Windows DLL from the google code
at http://code.google.com/p/botnetdecoding/<wlmailhtml:{1845F4BF-B103-4779-952B-DF9657F3740F}mid://00000002/!x-usc:http://code.google.com/p/botnetdecoding/>
.
Thanks,
M.Yanagishita
Content of type "text/html" skipped
Download attachment "packet-mariposa.c" of type "application/octet-stream" (8482 bytes)
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists