Reader Jake sent us an awesome bundle of RAT-related mayhem collected during performance of his duties while investigating the unfortunate and prolonged compromise of a company we'll fictitiously call Hazrat Supply.
Guess what? The RAT that was plaguing the Hazrat Supply environment was proxying traffic back to a Chinese hosting company.
More here: https://isc.sans.edu/diary/Keeping+the+RATs+out%3A+an+exercise+in+building+IOCs+-+Part+1/18401