03-12-2019 03:51 AM - edited 03-12-2019 03:55 AM
Hi Community,
I have loaded the IOC packet from the FireJumper and run a scan against my computer.
The result is 24 matches of 171 IOCs. Now I want to understand why there are 24 matches and why these IOCs were found.
Here is a small excerpt of the found IOCs:
"Mebroot Banking Trojan [Filename: iocbucket_0ec5a8e54c19dc453ea0d841208f0e8dafcae483_mebroot banking trojan.ioc] Scar Trojan [Filename: iocbucket_aed2bbe049d3db84707ce9c26a4aaac00fd1471e_scar trojan.ioc] BlackPoS Target Breach Malware [Filename: iocbucket_b91b6ee9ba2b7b85cb7b2c04fc6a4da16ed77326_blackpos target breach malware.ioc]"
I tried to understand why the IOC matched on my system, but I can't figure it out.
Attached are the imported IOC and the result from the AMP Console.
Thanks
03-19-2019 07:28 AM
That means that there were 24 objects that matched, within all your IOCs. In order to find out which objects were matched, below the event that found 24 objects, there is another one, “Endpoint IOC Scan Detection Summary”. Please expand it, click on “View All”. On that page (I believe your screenshot refers to that place) you should see all IOCs that had at least 1 object matched. To find out what exactly was matched, please click on “View Source” and there you should see the matched objects on your system (those will be highlighted). For example:
Hope that helps.
Wojciech
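To see for yourself which terms of an .ioc file can fire on a host, here is an added example (not from this thread and not AMP's own code) that parses a constructed OpenIOC 1.0 definition of the kind iocbucket publishes, evaluates its AND/OR tree against a constructed list of observed files, and reports the IndicatorItem ids that matched. The XML, the hash, the file names and the per-object evaluation rule are all assumptions made for the demo.

```python
import xml.etree.ElementTree as ET

NS = {"ioc": "http://schemas.mandiant.com/2010/ioc"}
# Constructed OpenIOC 1.0 definition in the layout iocbucket .ioc files use; hash and names are made up.
SAMPLE_IOC = """<ioc xmlns="http://schemas.mandiant.com/2010/ioc" id="example-0001"><definition>
<Indicator operator="OR" id="i1">
  <IndicatorItem id="t1" condition="is"><Context document="FileItem" search="FileItem/Md5sum" type="mir"/>
    <Content type="md5">0123456789abcdef0123456789abcdef</Content></IndicatorItem>
  <Indicator operator="AND" id="i2">
    <IndicatorItem id="t2" condition="contains"><Context document="FileItem" search="FileItem/FileName" type="mir"/>
      <Content type="string">svchost</Content></IndicatorItem>
    <IndicatorItem id="t3" condition="contains"><Context document="FileItem" search="FileItem/FullPath" type="mir"/>
      <Content type="string">\\Temp\\</Content></IndicatorItem>
  </Indicator>
</Indicator></definition></ioc>"""
# Constructed host inventory: one dict per file observed, keyed by OpenIOC search term.
SAMPLE_HOST = [
    {"FileItem/FileName": "svchost.exe", "FileItem/Md5sum": "ff" * 16,
     "FileItem/FullPath": "C:\\Users\\x\\AppData\\Local\\Temp\\svchost.exe"},
    {"FileItem/FileName": "notepad.exe", "FileItem/Md5sum": "ee" * 16,
     "FileItem/FullPath": "C:\\Windows\\System32\\notepad.exe"},
]

def item_matches(item, obj):
    """Apply one IndicatorItem's condition to a single observed object (case-insensitive)."""
    have = obj.get(item.find("ioc:Context", NS).get("search"), "").lower()
    want = (item.find("ioc:Content", NS).text or "").lower()
    ops = {"is": have == want, "contains": want in have}
    return ops[item.get("condition")]  # KeyError flags conditions this demo does not implement

def evaluate(indicator, obj, hits):
    """Recursively evaluate an AND/OR Indicator node; record ids of the items that fired."""
    results = []
    for child in indicator:
        if child.tag.endswith("}IndicatorItem"):
            results.append(item_matches(child, obj))
            if results[-1]:
                hits.append(child.get("id"))
        else:  # nested <Indicator>
            results.append(evaluate(child, obj, hits))
    return all(results) if indicator.get("operator") == "AND" else any(results)

def scan(ioc_xml, host):
    """Map each matching object's path to the item ids that fired (assumes per-object evaluation)."""
    top = ET.fromstring(ioc_xml).find("ioc:definition/ioc:Indicator", NS)
    report = {}
    for obj in host:
        hits = []
        if evaluate(top, obj, hits):
            report[obj["FileItem/FullPath"]] = hits
    return report
```

Note that the broad name/path terms (t2, t3) are what fire here, not the exact hash (t1); that is the usual reason a generic IOC shows a match on a clean-looking machine.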