[Snort-users] Vbs rat threat rules

Joel Esler (jesler) jesler at ...589...
Mon Jan 27 21:40:55 EST 2014

Perhaps the reason is, “vbs rat” isn’t a specific attack, it’s a generic term.  We have lots of detection for Remote Access Tools, which one is really the question.

On Jan 27, 2014, at 7:49 PM, Feroz Basir <feroz.basir at ...11827...<mailto:feroz.basir at ...11827...>> wrote:

Hi again,

Anybody knows? Please help. Thanks.

Feroz Fazidi Bin Basir

On 25 Jan 2014, at 19:34, Feroz Basir <feroz.basir at ...11827...<mailto:feroz.basir at ...11827...>> wrote:

Hi all,

Anybody knows which rule that vrt uses for detecting VBS RAT threat? Im sniffing proxy packet which I think change the packet.


Feroz Basir

CenturyLink Cloud: The Leader in Enterprise Cloud Services.
Learn Why More Businesses Are Choosing CenturyLink Cloud For
Critical Workloads, Development Environments & Everything In Between.
Get a Quote or Start a Free Trial Today.
Snort-users mailing list
Snort-users at lists.sourceforge.net<mailto:Snort-users at lists.sourceforge.net>
Go to this URL to change user options or unsubscribe:
Snort-users list archive:

Please visit http://blog.snort.org<http://blog.snort.org/> to stay current on all the latest Snort news!

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.snort.org/pipermail/snort-users/attachments/20140128/3f9ced8c/attachment.html>

More information about the Snort-users mailing list