Bandook Trojan

Sigs by Matt Jonkman 2003543 through 2003565

View all related Signatures here

This is a windows backdoor, very full features. PrinceAli? is the author. Recent version available at http://www.nuclearwintercrew.com

Sample PCAPs available below.

Versions 1.2 and 1.3+ changed significantly. There's what appears to be some somple XORd network communication in 1.3+. The current sigs work well with the respective versions, but future releases may not be detected if the encryption proto is changed.

-- MattJonkman - 12 Apr 2007

Topic attachments
I Attachment Action Size Date Who Comment
Unknown file formatpcap bandook1.2.pcap manage 3.1 K 2008-05-12 - 22:25 MattJonkman  
Unknown file formatpcap bandook1.35.pcap manage 62.6 K 2008-05-12 - 22:25 MattJonkman  
Topic revision: r3 - 2008-07-11 - MattJonkman
 
This site is powered by the TWiki collaboration platform Powered by Perl This site is powered by the TWiki collaboration platformCopyright © Emerging Threats