TippingPoint

Poison Ivy Remote Access Tool (RAT)

MattRoberson
Occasional Contributor

Does TippingPoint have a filter that would detect/block the initialization of the encrypted communications channel between an infected host and the C&C server for the Poison Ivy Remote Access Tool (RAT)? I searched the filters on my SMS and ThreatLinQ and I didn't find anything, so I expect the answer is no. It would be nice if TippingPoint did have one. Apparently Snort does.

Also, does TippingPoint receive Industrial Control Systems Cyber Emergency Response Team (ICS-CERT) alerts?