Sid 1-46964

Message

MALWARE-CNC Win.Trojan.Ammyy RAT outbound connection

Summary

This event is generated when Ammyy RAT attempts to communicate with its command and control center.

Impact

Steal files and credentials

Detailed information

The rule checks for the Trojan's communication with its command and control center.

Affected systems

  • Windows Systems

Ease of attack

Medium

False positives

None known

False negatives

None known

Corrective action

Contributors

  • Cisco's Talos Intelligence Group

Additional References

  • www.virustotal.com/#/file/bab69fb29c167451608f0840ede9dfb4c3c52fa0da5f38089ac7f2afbd94d867/detection