<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=us-ascii">
<meta name="Generator" content="Microsoft Word 12 (filtered medium)">
</head>
<body lang="EN-IE" link="blue" vlink="purple">
<div class="WordSection1">
<p class="MsoNormal">Hello,<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">I came across a Symantec report today: <a href="http://www.symantec.com/content/en/us/enterprise/media/security_response/whitepapers/comment_crew_indicators_of_compromise.pdf">
http://www.symantec.com/content/en/us/enterprise/media/security_response/whitepapers/comment_crew_indicators_of_compromise.pdf</a><o:p></o:p></p>
<p class="MsoNormal">I was wondering if the information within it was made into a VRT rule. However, disappointingly I can't see any of it being made into rules.<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">I'm also not sure if this is the right place to be bringing this issue up. Can someone recommend a person within Sourcefire that would have knowledge about the rule generation process?<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">Cheers<o:p></o:p></p>
<p class="MsoNormal"><b><span style="font-family:"Arial","sans-serif"">Barry Weymes,
</span></b><span style="font-family:"Arial","sans-serif"">MSc. SSCP<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-family:"Arial","sans-serif""><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="font-family:"Arial","sans-serif";color:#27A4CD">Cybercrime Specialist 
</span><span style="font-family:"Arial","sans-serif";color:black">| </span><span lang="NL" style="font-family:"Arial","sans-serif";color:black"><a href="mailto:weymes@...1166..."><span lang="EN-IE" style="color:blue">weymes@...1166...</span></a></span><span style="font-family:"Arial","sans-serif";color:black">|
</span><span style="font-family:"Arial","sans-serif";color:#27A4CD"> </span><span lang="NL"><a href="http://www.linkedin.com/profile/view?id=43157458"><span lang="EN-IE" style="color:blue">Linkedin</span></a></span><span lang="NL" style="font-family:"Arial","sans-serif";color:#27A4CD">
</span><span style="font-family:"Arial","sans-serif";color:#27A4CD"><o:p></o:p></span></p>
<table class="MsoNormalTable" border="1" cellspacing="0" cellpadding="0" width="630" style="width:472.4pt;border-collapse:collapse;border:none">
<tbody>
<tr>
<td width="272" valign="bottom" style="width:203.85pt;border:none;padding:0cm 5.4pt 0cm 5.4pt">
<p class="MsoNormal"><span style="font-size:10.0pt"><img border="0" width="240" height="63" id="Picture_x0020_1" src="cid:image002.png@...180.....3778..." alt="Description: Description: Description: Description: logo voor e-mail 250px 96dpi transparent"></span><span lang="EN-US" style="font-size:10.0pt;font-family:"Arial","sans-serif""><o:p></o:p></span></p>
</td>
<td width="263" valign="bottom" style="width:197.0pt;border:none;padding:0cm 5.4pt 0cm 5.4pt">
<p class="MsoNormal"><span lang="EN-US" style="font-size:10.0pt;font-family:"Arial","sans-serif";color:#27A4CD">Olof Palmestraat 6, Delft</span><span lang="EN-US" style="font-family:"Arial","sans-serif";color:#27A4CD"><o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US" style="font-size:10.0pt;font-family:"Arial","sans-serif";color:#27A4CD">P.O. Box 638, 2600 AP Delft<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US" style="font-size:10.0pt;font-family:"Arial","sans-serif";color:#27A4CD">The Netherlands<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="NL" style="font-size:10.5pt;font-family:"Arial","sans-serif";color:#27A4CD;background:white">+31 (0)15 284 79 62</span><span lang="EN-US" style="font-size:10.0pt;font-family:"Arial","sans-serif";color:#27A4CD"><o:p></o:p></span></p>
</td>
<td width="95" valign="bottom" style="width:71.55pt;border:none;padding:0cm 5.4pt 0cm 5.4pt">
<p class="MsoNormal" align="right" style="text-align:right"><span lang="NL" style="font-size:10.0pt"><a href="http://www.fox-it.com/"><b><span lang="EN-US" style="font-family:"Arial","sans-serif";color:#27A4CD;text-decoration:none">FOX-IT.COM</span></b></a></span><b><span lang="EN-US" style="font-size:10.0pt;font-family:"Arial","sans-serif";color:#27A4CD"><o:p></o:p></span></b></p>
</td>
</tr>
</tbody>
</table>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal"><span lang="EN-US" style="font-size:10.0pt;font-family:"Arial","sans-serif";color:#27A4CD">Chamber of Commerce Haaglanden (No. 27301624).
<o:p></o:p></span></p>
<p class="MsoNormal"><o:p> </o:p></p>
</div>
</body>
</html>