Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
8925
Views
0
Helpful
1
Replies

MALWARE-CNC Win.Trojan.Gh0st variant outbound connection

d@rkNit3_76
Level 1
Level 1

‎12-27-2017 08:15 AM - edited ‎02-21-2020 07:02 AM

Can someone assist me in finding IoC on host system related to this particular IPS event.  I read somewhere that they could be false positive events linked to device that perform some security related function. Traffic source is from Shodan (66.250.205.34) reported by Firepower ASA.

 

External Reference to IPS event:

https://www.volexity.com/blog/2017/03/23/have-you-been-haunted-by-the-gh0st-rat-today/

19 people had this problem
Labels:
0 Helpful
1 Reply 1

rick11
Level 1
Level 1

‎12-17-2018 05:15 AM

I was curious if you find a solution....

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card