Multiple endpoints flagged with Cloud IOC: W32.RubeusMalware.ioc

vendeville_lj
Level 1

We've started getting googleupdate.exe popping up in the dashboard as Cloud IOC: W32.RubeusMalware.ioc, starting this afternoon. Neither the actual detection (352d9f7ed7f0d463aeb21597d6cf1492df34f622027a853a6e861c54434e6caa) nor the parent (googleupdate.exe - 07034876b9ec0b59432b96fedb7e10e332440159f9802faad5f5b99f01885f6b) is showing in VirusTotal, and I'm trying to determine if this is a false positive or an actual threat.

Only had six endpoints get flagged with this, but they've started trickling in since around 3:30pm EST today.

*Edit*

Had three more detections for the same Cloud IOC, but svchost.exe, Dell.TechHub.Instrumentation.SubAgent.dll, and sensorlogontask.exe have been listed as the parent fingerprint. Updated title to reflect this.
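
The triage the post walks through (same IOC name, several endpoints, several different parent processes, hashes unknown to VirusTotal) can be done mechanically over an export of the Cloud IOC events. The Python below is an added example, not code from the original post or from Cisco; the event records, host names and the list of "known benign" parent names are constructed for the example (the two SHA-256 values from the post are reused as sample data, the other hashes are placeholders), and the false-positive heuristic is this example's own, not a Secure Endpoint feature.

```python
"""Triage helper for a burst of Cisco Secure Endpoint "Cloud IOC" hits.

Groups detection records by IOC name and reports, per IOC: how many endpoints
hit it, which distinct parent processes were involved, the detected hashes
(with ready-made VirusTotal URLs, no network call made), and a heuristic
"likely false positive" flag. Added example with constructed data.
"""
import re
from collections import defaultdict
from dataclasses import dataclass

SHA256_RE = re.compile(r"^[0-9a-f]{64}$")

# Hypothetical allow-list for the example: ordinary Windows / vendor components
# that would not normally be spawning a Kerberos abuse tool such as Rubeus.
KNOWN_BENIGN_PARENTS = {
    "googleupdate.exe",
    "svchost.exe",
    "sensorlogontask.exe",
    "dell.techhub.instrumentation.subagent.dll",
}


@dataclass(frozen=True)
class Detection:
    host: str
    ioc: str
    detected_sha256: str
    parent_name: str
    parent_sha256: str


def valid_sha256(h: str) -> bool:
    """True if h is a 64-character hex string (case-insensitive)."""
    return bool(SHA256_RE.match(h.lower()))


def vt_lookup_url(h: str) -> str:
    """Build the VirusTotal file-report URL for a SHA-256 (string only, no request)."""
    if not valid_sha256(h):
        raise ValueError(f"not a SHA-256: {h!r}")
    return f"https://www.virustotal.com/gui/file/{h.lower()}"


def summarise(events):
    """Per-IOC summary used to decide whether a burst of hits smells like an FP.

    Heuristic (this example's, not Cisco's): if three or more *different*
    parent processes trigger the same IOC and every one of them is a
    well-known OS/vendor binary, the common factor is the IOC content, not
    a compromise, so flag it as a likely false positive. A single benign
    parent spawning something unexpected is NOT flagged: that pattern can
    also be process injection and deserves a real look.
    """
    by_ioc = defaultdict(list)
    for e in events:
        by_ioc[e.ioc].append(e)

    summary = {}
    for ioc, evs in by_ioc.items():
        hosts = {e.host for e in evs}
        parents = {e.parent_name.lower() for e in evs}
        hashes = {e.detected_sha256.lower() for e in evs}
        all_benign = parents <= KNOWN_BENIGN_PARENTS
        summary[ioc] = {
            "endpoints": len(hosts),
            "distinct_parents": sorted(parents),
            "distinct_detected_hashes": sorted(hashes),
            "all_parents_known_benign": all_benign,
            "likely_false_positive": all_benign and len(parents) >= 3,
        }
    return summary


# Constructed sample events shaped like the post: the first two reuse the two
# real hashes quoted there; the remaining hashes are placeholders.
POST_DETECTED = "352d9f7ed7f0d463aeb21597d6cf1492df34f622027a853a6e861c54434e6caa"
POST_PARENT = "07034876b9ec0b59432b96fedb7e10e332440159f9802faad5f5b99f01885f6b"
SAMPLE_EVENTS = [
    Detection("WS-01", "W32.RubeusMalware.ioc", POST_DETECTED, "googleupdate.exe", POST_PARENT),
    Detection("WS-02", "W32.RubeusMalware.ioc", POST_DETECTED, "googleupdate.exe", POST_PARENT),
    Detection("WS-03", "W32.RubeusMalware.ioc", "a" * 64, "svchost.exe", "b" * 64),
    Detection("WS-04", "W32.RubeusMalware.ioc", "c" * 64,
              "Dell.TechHub.Instrumentation.SubAgent.dll", "d" * 64),
    Detection("WS-05", "W32.RubeusMalware.ioc", "e" * 64, "sensorlogontask.exe", "f" * 64),
]


def main():
    for ioc, s in summarise(SAMPLE_EVENTS).items():
        print(ioc)
        for key, value in s.items():
            print(f"  {key}: {value}")
        for h in s["distinct_detected_hashes"]:
            print("  VT:", vt_lookup_url(h))


if __name__ == "__main__":
    main()
```

The flag is only a prioritisation hint: "hash not on VirusTotal" is weak evidence either way (fresh Google Update builds and fresh malware are both absent), and what actually settles a case like this is the vendor confirming the IOC content, as happened in the reply below. Until then, treat any hit whose parent is not on your own known-benign list as a real alert.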

Accepted Solution

LudoD
Level 1

Just received this email from Cisco :

False Positive Detections
Cisco is aware of the false positive detection related to Cloud IOC: W32.RubeusMalware.ioc. The IOC is being reviewed and Cisco is investigating the root cause. We apologize for any inconvenience this may have caused.

Kind regards,
