RATs in our Honeypot
- From: "Mark Ryan del Moral Talabis" <talabis@xxxxxxxxx>
- Date: Mon, 10 Apr 2006 08:47:59 +0800
We caught a hacker in our honeynet trying to download his "tools" into
one of our honeypots. We decided to look into it and study the tools
he is using. We started by tracing where his "toolkit" was located.
The "toolkit" consisted of different flavors of malware:
- Remote Administration Tools (RAT) and Backdoors (IRC)
- Password Stealers
- File Infectors
- Network tools (scanners)
- Various spyware
Full analysis and malware samples:
http://www.philippinehoneynet.org/data.php