[Snort-sigs] jRAT

James Lay jlay at ...3266...
Wed Jul 10 09:03:52 EDT 2013


On Jul 10, 2013, at 5:12 AM, Ned Moran <ned at ...3764...> wrote:

> yeah, its been used in an APT campaign to pull down poison ivy.
> unfortunately, i dont have specific examples that I am able share at
> this time.
> 
> -ned
> 
> On 7/10/13 7:01 AM, James Lay wrote:
>> On Jul 9, 2013, at 8:12 PM, Ned Moran <ned at ...3764...> wrote:
>> 
>>> is this what you are referring to https://jrat.pro/ ?
>>> 
>>> On 7/9/13 10:00 PM, James Lay wrote:
>>>> Anyone see info on this?  Trying to find samples or screenshots of c&c traffic or SOMETHING to go on.  Thanks all.
>>>> 
>>>> James

Thanks for the insight Ned.

James





More information about the Snort-sigs mailing list