r1 - 12 Apr 2007 - 15:44:59 - MattJonkman

Bandook Trojan

Sigs by Matt Jonkman: 2003543 through 2003565


This is a Windows backdoor with a very full feature set. PrinceAli is the author. The most recent version is available at http://www.nuclearwintercrew.com

Sample PCAPs are available below.

Versions 1.2 and 1.3+ changed significantly. There appears to be some simple XOR'd network communication in 1.3+. The current sigs work well with their respective versions, but future releases may not be detected if the encryption protocol is changed.

-- MattJonkman - 12 Apr 2007

Topic attachments
bandook1.2.pcap - 3.1 K - 12 Apr 2007 15:28 - MattJonkman
bandook1.35.pcap - 62.6 K - 12 Apr 2007 15:28 - MattJonkman
Docs at Bleeding Threats. This site is powered by the TWiki collaboration platform. Copyright © Bleeding Edge Threats.