Written by Matt Jonkman
Wednesday, 05 March 2008
http://doc.emergingthreats.net/bin/view/Main/TrojanDropper497
Interesting one. Has an HTML-like tag language to push stats and info about the system, and a keep-alive status stream.
Haven't totally reversed it, but signatures are up that'll be reliable. 2007918-2007920
Calling it Yumato since it uses that name in its server status messages. Clam calls it Dropper-497.
Matt