- Based on the network pattern described at http://pastebin.com/emK1Vt5g, nmap can be made to detect FinFisher C&C machines:
- vim /usr/share/nmap/nmap-service-probes
- The change basically amounts to adding these ports to the ones used for HTTP probing:
- - 22
- - 53
- - 4111
- And adding this signature (a single line in the file):
- match http m|^HTTP/1\.1 200 OK.*Hallo Steffi$|s p/FinFisher Governmental Monitoring Trojan C&C Server/
- The result is as follows:
- Starting Nmap 5.00 ( http://nmap.org ) at 2012-07-27 11:29 MSK
- Interesting ports on static.ip.77.69.140.194.batelco.com.bh (77.69.140.194):
- PORT STATE SERVICE VERSION
- 4111/tcp open http FinFisher Governmental Monitoring Trojan C&C Server
- The nmap-service-probes format is documented at http://nmap.org/book/vscan-fileformat.html
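To check the signature offline before editing nmap-service-probes, the match line can be parsed and run against sample responses. This is an added example, not part of the original paste and not nmap's own code: the function names and the sample responses are constructed, and Python's `re` stands in for nmap's PCRE engine.

```python
import re

# The signature from the note, joined onto one line as the file format requires.
SIGNATURE = (r"match http m|^HTTP/1\.1 200 OK.*Hallo Steffi$|s "
             r"p/FinFisher Governmental Monitoring Trojan C&C Server/")


def parse_match(line):
    """Split a match directive into service, compiled regex and p/ product."""
    directive, service, rest = line.split(" ", 2)
    if directive not in ("match", "softmatch") or not rest.startswith("m"):
        raise ValueError("not a match directive")
    delim = rest[1]                       # the pattern delimiter is free-form
    end = rest.index(delim, 2)
    pattern, tail = rest[2:end], rest[end + 1:]
    flag_chars, _, info = tail.partition(" ")
    flags = 0
    for ch in flag_chars:                 # 'i' = case-insensitive, 's' = dot matches newline
        flags |= {"i": re.IGNORECASE, "s": re.DOTALL}[ch]
    product = re.search(r"p/([^/]*)/", info)   # assumes '/' delimits the p field
    # Responses are raw bytes, so compile a bytes pattern.
    regex = re.compile(pattern.encode("latin-1"), flags)
    return service, regex, product.group(1) if product else None


def identify(line, response):
    """Return the product name if the response matches the directive, else None."""
    _, regex, product = parse_match(line)
    return product if regex.search(response) else None


# Constructed sample responses (not captured traffic).
HIT = b"HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n\r\nHallo Steffi"
PLAIN = b"HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n\r\n<html>hello</html>"
TRAILING = HIT + b"\r\n\r\nmore data"     # marker string is no longer at the end

if __name__ == "__main__":
    for name, resp in (("HIT", HIT), ("PLAIN", PLAIN), ("TRAILING", TRAILING)):
        print(name, "->", identify(SIGNATURE, resp))
    # Without the 's' flag, '.*' cannot cross the header line breaks.
    print("no s flag ->", identify(SIGNATURE.replace("|s ", "| "), HIT))
```

The `$` anchor means the signature only fires when "Hallo Steffi" ends the response, and the `s` flag is what lets `.*` span the header lines between the status line and the body.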