Snort mailing list archives

Re: jRAT


From: James Lay <jlay () slave-tothe-box net>
Date: Wed, 10 Jul 2013 07:03:52 -0600


On Jul 10, 2013, at 5:12 AM, Ned Moran <ned () mysterymachine info> wrote:

Yeah, it's been used in an APT campaign to pull down Poison Ivy.
Unfortunately, I don't have specific examples that I am able to share at
this time.

-ned

On 7/10/13 7:01 AM, James Lay wrote:
On Jul 9, 2013, at 8:12 PM, Ned Moran <ned () mysterymachine info> wrote:

is this what you are referring to https://jrat.pro/ ?

On 7/9/13 10:00 PM, James Lay wrote:
Anyone see info on this?  Trying to find samples or screenshots of c&c traffic or SOMETHING to go on.  Thanks all.

James

Thanks for the insight Ned.

James


_______________________________________________
Snort-sigs mailing list
Snort-sigs () lists sourceforge net
https://lists.sourceforge.net/lists/listinfo/snort-sigs
http://www.snort.org

