Sid 1-49411

Message

MALWARE-CNC Win.Trojan.FrameworkPoS anti-debugging long dns query attempt

Summary

This event is generated when FrameworkPoS malware makes a DNS-based anti-debugging check.

Impact

A Network Trojan was detected

Detailed information

This event is generated when FrameworkPoS malware makes a DNS-based anti-debugging check. If the DNS lookup returns an IP address other than 11.22.33.44, the malware will not execute further.

Affected systems

  • Windows-based OS

Ease of attack

False positives

False negatives

Corrective action

Contributors

  • Cisco Talos Intelligence Group

Additional References