
SANS ISC: Followup to "What's going on..." SANS ISC InfoSec Forums


During my last shift I posted a story where I noted increased traffic on ports 8800, 1100, and 5905 and asked if anyone had packets. We didn't get any captures, but a week or so later, our friends over at MWcollect posted this story which I found very interesting/useful, so I wanted to point it out to the rest of you who may not follow their blog. I haven't played much with libemu, but after reading this, I clearly need to spend some more time with it.


Jim

ISC Handler
Jul 2nd 2008
