Honeypots mailing list archives

Re: RATs in our Honeypot

From: "Mark Ryan del Moral Talabis" <talabis () gmail com>
Date: Tue, 11 Apr 2006 09:14:23 +0800

Dear all,

It seems that the malware "toolkit" website that I mentioned in my
previous post has been taken down. For you guys that sent me emails
for a copy of the malwares, you can download it at:

http://www.philippinehoneynet.org/downloads/malware_samples.zip
Password: infected

Cheers!
Ryan Talabis
Philippine Honeynet Project
http://www.philippinehoneynet.org



Mark Ryan del Moral Talabis wrote:

RATs in our Honeypot

We caught a hacker in our honeynet trying to download his "tools" into
one of our honeypots. We decided to look into it and study the tools
he is using. We started by tracing where his "toolkit" was located.

The "toolkit" consisted of different flavors of malware:

- Remote Administration Tools (RAT) and Backdoors(IRC)
- Password Stealers
- File Infectors
- Network tools (scanners)
- various Spywares

Full analysis and malware samples:
http://www.philippinehoneynet.org/data.php

Cheers!
Ryan Talabis
Philippine Honeynet Project
http://www.philippinehoneynet.org

Current thread:

RATs in our Honeypot Mark Ryan del Moral Talabis (Apr 10)
- Message not available
  - Re: RATs in our Honeypot Mark Ryan del Moral Talabis (Apr 10)
- <Possible follow-ups>
- Re: RATs in our Honeypot Stefan Kelm (Apr 12)