r1 - 29 May 2008 - 21:39:05 - MattJonkman

Trojan Emogen

This trojan uses an interesting command-and-control channel. SIDs 2008269 and 2008270 detect it.

The session starts with a packet, heavily padded with 0x00 bytes, that carries the username, computer name, OS type, and the number 20080101. The server never responds with data. The client then sends keepalives, which are just 4-byte packets containing "test".

-- MattJonkman - 29 May 2008
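
The traffic pattern described above can also be checked offline against reassembled client payloads. The Python below is an added example, not part of the original page and not the logic of SIDs 2008269 or 2008270. The NUL-ratio threshold, the NUL-separated field layout, and the sample values are assumptions constructed for illustration.

```python
import re

MARKER = b"20080101"     # number the page says appears in the first packet
KEEPALIVE = b"test"      # 4-byte keepalive payload described on the page
MIN_NULL_RATIO = 0.5     # assumption: "heavily padded" means at least half NUL bytes
MIN_FIELDS = 4           # username, computer name, OS type, marker


def classify_payload(payload: bytes) -> str:
    """Label one client-to-server payload: 'checkin', 'keepalive' or 'other'."""
    if payload == KEEPALIVE:
        return "keepalive"
    if MARKER in payload:
        null_ratio = payload.count(0) / len(payload)
        # Assumption: fields are byte runs separated by one or more NULs.
        fields = [f for f in re.split(rb"\x00+", payload) if f]
        if null_ratio >= MIN_NULL_RATIO and len(fields) >= MIN_FIELDS:
            return "checkin"
    return "other"


def flow_matches(client_payloads, server_bytes: int) -> bool:
    """Flow-level check: check-in first, then only keepalives, silent server."""
    if server_bytes != 0 or len(client_payloads) < 2:
        return False
    kinds = [classify_payload(p) for p in client_payloads]
    return kinds[0] == "checkin" and all(k == "keepalive" for k in kinds[1:])


def pad(field: bytes, width: int = 64) -> bytes:
    """Right-pad a field with NUL bytes (constructed layout, not from a capture)."""
    return field.ljust(width, b"\x00")


# Constructed sample check-in; field widths and values are invented.
SAMPLE_CHECKIN = (pad(b"alice") + pad(b"WORKSTATION1")
                  + pad(b"Windows XP") + pad(MARKER))

if __name__ == "__main__":
    flow = [SAMPLE_CHECKIN, b"test", b"test"]
    print([classify_payload(p) for p in flow], flow_matches(flow, server_bytes=0))
```

Requiring the silent server and the keepalive sequence together keeps a stray "test" payload or a URL containing 20080101 from matching on its own.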

Emerging Threats