Security researchers have written a Wireshark dissector that will decrypt the command and control protocol used by the Mariposa botnet. More information at Palo Alto Networks and Defence Intelligence.
Comments
Comment by ManOnFire on 2009-11-02 08:05:48 +0000
Anyone have a packet capture for Mariposa C&C? I would like to test the decryption plugin. Thanks!
Comment by Gerald Combs on 2009-11-04 13:47:55 +0000
You might try contacting Palo Alto Networks or Defence Intelligence. I don’t see any capture file downloads on either site.