Sid 1-46885

Message

MALWARE-CNC Win.Trojan.Joanap variant outbound connection

Summary

This event is generated when command and control communication from a client infected with the Joanap trojan is detected.

Impact

A Network Trojan was detected

Detailed information

https://www.us-cert.gov/ncas/alerts/TA18-149A

Affected systems

  • Windows 7, 8, 10

Ease of attack

False positives

None known.

False negatives

None known.

Corrective action

A client infected with Joanap requires immediate remediation and isolation from the production network.

Contributors

  • Cisco's Talos Intelligence Group

Additional References

  • www.virustotal.com/#/file/077d9e0e12357d27f7f0c336239e961a7049971446f7a3f10268d9439ef67885/detection
  • www.virustotal.com/#/file/4c5b8c3e0369eb738686c8a111dfe460e26eb3700837c941ea2e9afd3255981e/detection