[Snort-sigs] [Snort-users] Vbs rat threat rules

Joel Esler (jesler) jesler at ...3865...
Mon Jan 27 21:40:55 EST 2014


Perhaps the reason is, “vbs rat” isn’t a specific attack, it’s a generic term.  We have lots of detection for Remote Access Tools, which one is really the question.


On Jan 27, 2014, at 7:49 PM, Feroz Basir <feroz.basir at ...2420...<mailto:feroz.basir at ...2420...>> wrote:

Hi again,

Anybody knows? Please help. Thanks.


Regards,
Feroz Fazidi Bin Basir

On 25 Jan 2014, at 19:34, Feroz Basir <feroz.basir at ...2420...<mailto:feroz.basir at ...2420...>> wrote:

Hi all,

Anybody knows which rule that vrt uses for detecting VBS RAT threat? Im sniffing proxy packet which I think change the packet.

Thanks.


Regards,
Feroz Basir

------------------------------------------------------------------------------
CenturyLink Cloud: The Leader in Enterprise Cloud Services.
Learn Why More Businesses Are Choosing CenturyLink Cloud For
Critical Workloads, Development Environments & Everything In Between.
Get a Quote or Start a Free Trial Today.
http://pubads.g.doubleclick.net/gampad/clk?id=119420431&iu=/4140/ostg.clktrk
_______________________________________________
Snort-users mailing list
Snort-users at lists.sourceforge.net<mailto:Snort-users at lists.sourceforge.net>
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users

Please visit http://blog.snort.org<http://blog.snort.org/> to stay current on all the latest Snort news!

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.snort.org/pipermail/snort-sigs/attachments/20140128/27476f1a/attachment.html>


More information about the Snort-sigs mailing list