Sid 1-43193

Message

MALWARE-CNC Win.Trojan.HiddenCobra variant outbound connection

Summary

This event is generated when activity relating to malware is detected.

Impact

Serious. Possible existence of malware on the target host.

Detailed information

This activity is indicative of malware activity on a host. In this case, a MALWARE-CNC Win.Trojan.HiddenCobra variant outbound connection was detected.

Affected systems

Ease of attack

Simple. This may be an indication of a malware infestation.

False positives

None known.

False negatives

None known.

Corrective action

Ensure the system is using an up-to-date version of the software and has had all vendor-supplied patches applied.

Contributors

  • Cisco Talos

Additional References

  • www.us-cert.gov/ncas/alerts/TA17-164A