Sid 1-50767

Message

MALWARE-CNC Win.Trojan.ALMA_Dot outbound DNS tunnel

Summary

This event is generated when ALMA Dot DNS tunneling beacons are detected.

Impact

A Network Trojan was detected

Detailed information

Affected systems

Ease of attack

False positives

False negatives

Corrective action

Contributors

  • Cisco Talos Intelligence Group

Additional References

  • virustotal.com/gui/file/e52b8b0e8225befec156b355b3022faf5617542b82aa54f9f42088aa05a4ec49