03-26-2024 01:51 PM - edited 03-26-2024 02:01 PM
We've started getting googleupdate.exe popping up in the dashboard as Cloud IOC: W32.RubeusMalware.ioc, starting this afternoon. Neither the actual detection (352d9f7ed7f0d463aeb21597d6cf1492df34f622027a853a6e861c54434e6caa) nor the parent (googleupdate.exe - 07034876b9ec0b59432b96fedb7e10e332440159f9802faad5f5b99f01885f6b) are showing in VirusTotal, and I'm trying to determine if this is a false positive or an actual threat.
Only had six endpoints get flagged with this, but they've started trickling in since around 3:30pm EST today.
*Edit*
Had three more detections for the same Cloud IOC, but svchost.exe, Dell.TechHub.Instrumentation.SubAgent.dll, and sensorlogontask.exe have been listed as the parent fingerprint. Updated title to reflect this.
03-26-2024 02:24 PM - edited 03-26-2024 02:25 PM
Just received this email from Cisco:
False Positive Detections
Cisco is aware of the false positive detection related to Cloud IOC: W32.RubeusMalware.ioc. The IOC is being reviewed and Cisco is investigating the root cause. We apologize for any inconvenience this may have caused.
Kind regards,