r3 - 11 Jul 2008 - 15:05:53 - MattJonkmanYou are here: TWiki > 
Main Web > MalwareDocs > TrojanBandook
Main Web > MalwareDocs > TrojanBandookBandook Trojan
Sigs by Matt Jonkman 2003543 through 2003565 View all related Signatures here This is a windows backdoor, very full features. PrinceAli? is the author. Recent version available at http://www.nuclearwintercrew.com Sample PCAPs available below. Versions 1.2 and 1.3+ changed significantly. There's what appears to be some somple XORd network communication in 1.3+. The current sigs work well with the respective versions, but future releases may not be detected if the encryption proto is changed. -- MattJonkman - 12 Apr 2007| I | Attachment | Action | Size | Date | Who | Comment |
|---|---|---|---|---|---|---|
 pcap | bandook1.2.pcap | manage | 3.1 K | 12 May 2008 - 22:25 | MattJonkman | |
| pcap | bandook1.35.pcap | manage | 62.6 K | 12 May 2008 - 22:25 | MattJonkman |
Main Web
Create New Topic
Index
Search
Changes
Preferences- User Reference
- ATasteOfTWiki
- TextFormattingRules
- Signature Reference
- WebRss Feed
- EmergingFAQ
 |
|
Copyright © by the contributing authors. All material on this collaboration platform is the property of the contributing authors. Ideas, requests, problems regarding TWiki? Send feedback