Think you have a false positive on this rule?

Sid 1-48356

Message

MALWARE-CNC Win.Trojan.Banking download attempt initiated

Summary

This event is generated when the malware attempts to download a trojan http page

Impact

A Network Trojan was detected

Detailed information

Looks for multiple unique strings in the HTML document indicating the system is compromised

Affected systems

  • Windows

Ease of attack

Simple

False positives

False negatives

Corrective action

Contributors

  • Cisco's Talos Intelligence Group

Additional References

  • www.virustotal.com/#/file/91781126feeae4d1a783f3103dd5ed0f8fc4f2f8e6f51125d1bfc06683b01c39