Snort mailing list archives
Re: jRAT
From: James Lay <jlay () slave-tothe-box net>
Date: Wed, 10 Jul 2013 07:03:52 -0600
On Jul 10, 2013, at 5:12 AM, Ned Moran <ned () mysterymachine info> wrote:
Yeah, it's been used in an APT campaign to pull down Poison Ivy. Unfortunately, I don't have specific examples that I am able to share at this time.

-ned

On 7/10/13 7:01 AM, James Lay wrote:

On Jul 9, 2013, at 8:12 PM, Ned Moran <ned () mysterymachine info> wrote:

Is this what you are referring to https://jrat.pro/ ?

On 7/9/13 10:00 PM, James Lay wrote:

Anyone see info on this? Trying to find samples or screenshots of C&C traffic or SOMETHING to go on.

Thanks all.

James
Thanks for the insight Ned.

James

_______________________________________________
Snort-sigs mailing list
Snort-sigs () lists sourceforge net
https://lists.sourceforge.net/lists/listinfo/snort-sigs