Using Nepenthes

Hi, this manual only covers the basics. In short, Nepenthes will catch malware faster if you put it somewhere the network is unfiltered (no firewall or NAT in front of it).
A few things are needed:
  • nepenthes
  • clam-av (so that you can scan the captured binaries)
  • a hex editor, or khexeditor for KDE (if you want to go through the ASCII content)
  • and if the "strings" command suits you, it will give you an easier read.

This snippet of output was taken from a chatbox with snip3r (hehe)

$clamscan /var/lib/nepenthes/binaries/
/var/lib/nepenthes/binaries/malware_host_arp.pcap: OK
/var/lib/nepenthes/binaries/5b969ead104bf6afd187c4aad480ac45: OK
/var/lib/nepenthes/binaries/a9827363248ccc412911b1719d18183a: OK
/var/lib/nepenthes/binaries/94ee7b1bfa628bd990c5cbd522f3cf84: Trojan.Vanbot-41 FOUND
/var/lib/nepenthes/binaries/f948757c0ba0d2cd663f1e3988eb8787: Trojan.Mybot-7872 FOUND
/var/lib/nepenthes/binaries/7097c55ee0535457025dd158bb1988bb: Worm.Blaster.B FOUND


Well, /var/lib/nepenthes/ contains two other folders: "hexdumps" (which the SVN version considers obsolete) and "binaries", which is where the captured samples scanned above end up.
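As an added example (not code from the original post), here is a small Python triage helper for the workflow above: it parses clamscan output like the listing, pulls printable strings out of a capture the way "strings" does, and checks that a hash-named file's MD5 still matches its name. That the 32-character filenames are MD5 digests of the content is an assumption here, and the sample bytes are constructed, not a real sample.

```python
import hashlib
import os
import re
from typing import Dict, List

# Constructed sample input: the clamscan lines quoted in the post above.
SAMPLE_CLAMSCAN = """\
/var/lib/nepenthes/binaries/malware_host_arp.pcap: OK
/var/lib/nepenthes/binaries/5b969ead104bf6afd187c4aad480ac45: OK
/var/lib/nepenthes/binaries/94ee7b1bfa628bd990c5cbd522f3cf84: Trojan.Vanbot-41 FOUND
/var/lib/nepenthes/binaries/7097c55ee0535457025dd158bb1988bb: Worm.Blaster.B FOUND
"""

# Constructed stand-in for a captured file (not a real sample): header noise
# around two readable strings, the kind of thing `strings` would surface.
SAMPLE_BINARY = (b"MZ\x90\x00\x03\x00" + b"\x00" * 8
                 + b"This program cannot be run in DOS mode.\r\n"
                 + b"\x01\x02ab\x00http://example.invalid/bot.exe\x00")


def parse_clamscan(output: str) -> Dict[str, str]:
    """Map each scanned path to 'OK' or the signature name clamscan reported."""
    verdicts: Dict[str, str] = {}
    for line in output.splitlines():
        m = re.match(r"^(?P<path>/.+?): (?P<verdict>.+)$", line)
        if not m:
            continue  # summary lines ('Known viruses: ...') have no leading path
        verdict = m.group("verdict")
        verdicts[m.group("path")] = verdict[:-len(" FOUND")] if verdict.endswith(" FOUND") else verdict
    return verdicts


def infected(output: str) -> Dict[str, str]:
    """Only the files clamscan flagged, so you know which ones to look at first."""
    return {p: v for p, v in parse_clamscan(output).items() if v != "OK"}


def extract_strings(data: bytes, min_len: int = 4) -> List[str]:
    """Same idea as `strings -n 4`: runs of printable ASCII at least min_len long."""
    pattern = rb"[\x20-\x7e]{%d,}" % min_len
    return [m.group().decode("ascii") for m in re.finditer(pattern, data)]


def md5_name(data: bytes) -> str:
    """Hex MD5 of the content; assumed to be what the 32-character filenames are."""
    return hashlib.md5(data).hexdigest()


def name_matches_md5(path: str, data: bytes) -> bool:
    """Check a hash-named capture is intact: its basename must equal the content's MD5."""
    return os.path.basename(path) == md5_name(data)


if __name__ == "__main__":
    for path, sig in infected(SAMPLE_CLAMSCAN).items():
        print(f"{sig:20s} {path}")
    print(extract_strings(SAMPLE_BINARY))
```

To run it over a real honeypot, feed the output of `clamscan /var/lib/nepenthes/binaries/` to parse_clamscan and the bytes of each flagged file to extract_strings.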
