
ETPRO TROJAN Likely Malicious SWF Beacon Requesting Exploit

 

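|                | IP Address             | Port      | Hostname    |
|----------------|------------------------|-----------|-------------|
| Source (local) |                        | 52995     |             |
| Destination    | 46.41.129.132 (Poland) | http (80) | mcpixel.net |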

 

Description:

  • This signature indicates a malicious Flash (SWF) web request.

 

False Positive:

  • YES
  • This rule appears to be general enough that it could result in false positives.
  • That is indeed the case with this particular trigger.
  • Validate via VirusTotal: https://www.virustotal.com/en/ip-address/46.41.129.132/information/
  • This event is caused by a web game called mcpixel.net.

 

Action:

  • Flag the rule as one that generates many false-positive events.
