ETPRO CURRENT_EVENTS Possible Job314/Neutrino Reboot EK Flash Exploit Jan 07 2015 M2

Description:

• User hit a Neutrino exploit kit.
• See the following for an example of a successful attack:
• http://www.malware-traffic-analysis.net/2016/01/04/index.html

False Positive:

• NO
• This isn't a false positive. It correctly detects that a user has stumbled into an exploit kit.
• It is a low probability indicator of compromise by itself.
• Checked and verified that the user clearly has the latest flash version.
• Second hit was same as a above.
• https://www.google.com/transparencyreport/safebrowsing/diagnostic/#url=disgregare.weddingfireworks4u.co.uk

Action:

• Alarming on a single EK hit is questionable.
• This was a single hit with no additional suspicious or new alarms.
• Second hit, same as above.
• No action.