TUCoPS :: HP Unsorted M :: bt-21892.htm

Mariposa Botnet C&C decryption plugin for wireshark
Mariposa Botnet C&C decryption plugin for wireshark
Mariposa Botnet C&C decryption plugin for wireshark


Hi all,

  We've developed a Wireshark plugin that will allow you to view obfuscated pcaps of traffic from a Mariposa infected client and actually decrypt them within Wireshark. The software is available to all as open source software under the GNU GPL license. We hope that it helps in doing further investigation and research into the Mariposa botnet.
  Special thanks to Defence Intelligence for their analysis on Mariposa.

  You can get more information for this tools on our blog at

http://www.paloaltonetworks.com/researchcenter/2009/10/mariposa-tool/ 

  You can also get the source code and a Windows DLL from the google code at

http://code.google.com/p/botnetdecoding/ 


Thanks,
M.Yanagishita

TUCoPS is optimized to look best in Firefox® on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2024 AOH