
Bandook Trojan

Sigs by Matt Jonkman 2003543 through 2003565

View all related Signatures here

This is a Windows backdoor with a very full feature set. PrinceAli is the author. A recent version is available at http://www.nuclearwintercrew.com

Sample PCAPs available below.

Versions 1.2 and 1.3+ changed significantly. There is what appears to be some simple XOR'd network communication in 1.3+. The current sigs work well with their respective versions, but future releases may not be detected if the encryption protocol is changed.

-- MattJonkman - 12 Apr 2007

Topic attachments
Attachment Size Date Who
bandook1.2.pcap 3.1 K 2008-05-12 22:25 MattJonkman
bandook1.35.pcap 62.6 K 2008-05-12 22:25 MattJonkman
Topic revision: r2 - 2008-05-12 - MattJonkman

Copyright © Emerging Threats