topic Multiple endpoints flagged with Cloud IOC: W32.RubeusMalware.ioc in Endpoint Security https://community.cisco.com/t5/endpoint-security/multiple-endpoints-flagged-with-cloud-ioc-w32-rubeusmalware-ioc/m-p/5051068#M8249 <P>We've started getting googleupdate.exe popping up in the dashboard as&nbsp;Cloud IOC: W32.RubeusMalware.ioc, starting this afternoon. Neither the actual detection (352d9f7ed7f0d463aeb21597d6cf1492df34f622027a853a6e861c54434e6caa) nor the parent (googleupdate.exe -&nbsp;07034876b9ec0b59432b96fedb7e10e332440159f9802faad5f5b99f01885f6b) are showing in VirusTotal, and I'm trying to determine if this is a false positive or an actual threat.</P><P>Only had six endpoints get flagged with this, but they've started trickling in since around 3:30pm EST today.\</P><P>*Edit*</P><P>Had three more detections for the same Cloud IOC, but svchost.exe, Dell.TechHub.Instrumentation.SubAgent.dll, and&nbsp;<SPAN>sensorlogontask.exe have been listed as the parent fingerprint. Updated title to reflect this.</SPAN></P> Tue, 26 Mar 2024 21:01:28 GMT vendeville_lj 2024-03-26T21:01:28Z Multiple endpoints flagged with Cloud IOC: W32.RubeusMalware.ioc https://community.cisco.com/t5/endpoint-security/multiple-endpoints-flagged-with-cloud-ioc-w32-rubeusmalware-ioc/m-p/5051068#M8249 <P>We've started getting googleupdate.exe popping up in the dashboard as&nbsp;Cloud IOC: W32.RubeusMalware.ioc, starting this afternoon. Neither the actual detection (352d9f7ed7f0d463aeb21597d6cf1492df34f622027a853a6e861c54434e6caa) nor the parent (googleupdate.exe -&nbsp;07034876b9ec0b59432b96fedb7e10e332440159f9802faad5f5b99f01885f6b) are showing in VirusTotal, and I'm trying to determine if this is a false positive or an actual threat.</P><P>Only had six endpoints get flagged with this, but they've started trickling in since around 3:30pm EST today.\</P><P>*Edit*</P><P>Had three more detections for the same Cloud IOC, but svchost.exe, Dell.TechHub.Instrumentation.SubAgent.dll, and&nbsp;<SPAN>sensorlogontask.exe have been listed as the parent fingerprint. Updated title to reflect this.</SPAN></P> Tue, 26 Mar 2024 21:01:28 GMT https://community.cisco.com/t5/endpoint-security/multiple-endpoints-flagged-with-cloud-ioc-w32-rubeusmalware-ioc/m-p/5051068#M8249 vendeville_lj 2024-03-26T21:01:28Z Re: Multiple endpoints flagged with Cloud IOC: W32.RubeusMalware.ioc https://community.cisco.com/t5/endpoint-security/multiple-endpoints-flagged-with-cloud-ioc-w32-rubeusmalware-ioc/m-p/5051088#M8250 <P>Just received this email from Cisco :</P><P>False Positive Detections<BR /><SPAN>Cisco is aware of the false positive detection related to Cloud IOC: W32.RubeusMalware.ioc. The IOC is being reviewed and Cisco is investigating the root cause. We apologize for any inconvenience this may have caused.</SPAN></P><P>Kind regards,</P> Tue, 26 Mar 2024 21:25:28 GMT https://community.cisco.com/t5/endpoint-security/multiple-endpoints-flagged-with-cloud-ioc-w32-rubeusmalware-ioc/m-p/5051088#M8250 LudoD 2024-03-26T21:25:28Z