
Sid 1-34292


MALWARE-CNC Win.Trojan.Kraken outbound connection


This event is generated when activity relating to malware is detected.


Serious. Possible existence of malware on the target host.

Detailed information

This activity is indicative of malware activity on a host. In this case, the MALWARE-CNC Win.Trojan.Kraken outbound connection was detected.

Affected systems

Ease of attack

Simple. This may be an indication of a malware infestation.

False positives

None known.

False negatives

None known.

Corrective action

Ensure the system is using an up-to-date version of the software and has had all vendor-supplied patches applied.


  • Cisco Talos

Additional References