Think you have a false positive on this rule?

Sid 1-46885


MALWARE-CNC Win.Trojan.Joanap variant outbound connection


This event is generated when command and control communication from a client infected with The Joanap trojan is detected.


A Network Trojan was detected

Detailed information

Affected systems

  • Windows 7, 8, 10

Ease of attack

False positives

None known.

False negatives

None known.

Corrective action

A client infected with Joanap requires immediate remediation and isolation from the production network.


  • Cisco's Talos Intelligence Group

Additional References