Wednesday, October 28, 2009

Wireshark Plugin for Mariposa Botnet Command and Control

"Yamata Li of the Palo Alto Networks Threat Research Team has developed a Wireshark plugin that will allow you to view obfuscated pcaps of traffic from a Mariposa infected client and actually decrypt them within Wireshark."


http://www.paloaltonetworks.com/researchcenter/2009/10/mariposa-tool/

Thanks Yamata, the time and effort you have put into this plug-in is much appreciated. 

B.Kilrea
Threat Analyst
