Home page logo

nmap-dev logo Nmap Development mailing list archives

[PATCH] APT1 ssl certificates
From: "Mariusz \"mzet\" Ziulek" <zlabs.eu () gmail com>
Date: Thu, 26 Sep 2013 12:21:21 +0200

Hi everyone,

Mandiant company updated it's APT1 report (http://www.mandiant.com/apt1) by
releasing fingerprints of ssl certificates used by APT1 malware (details
can be found here: https://www.mandiant.com/blog/md5-sha1/). Update was
released quite time ago (in March) but I still think it's worth to have it
in Nmap.

I think that the good place for it is ssl-known-key script and it's
database of 'problematic' ssl keys. Currently there are only certs from
Little Black Box 0.1 project so I added APT1 certs there.

What do you guys think about it?


website: http://zlabs.eu
blog: http://softwareflaws.blogspot.com

Attachment: apt1-certs.diff

Sent through the dev mailing list
Archived at http://seclists.org/nmap-dev/

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]