03-26-2024 01:51 PM - edited 03-26-2024 02:01 PM
We've started getting googleupdate.exe popping up in the dashboard as Cloud IOC: W32.RubeusMalware.ioc, starting this afternoon. Neither the actual detection (352d9f7ed7f0d463aeb21597d6cf1492df34f622027a853a6e861c54434e6caa) nor the parent (googleupdate.exe - 07034876b9ec0b59432b96fedb7e10e332440159f9802faad5f5b99f01885f6b) is showing in VirusTotal, and I'm trying to determine if this is a false positive or an actual threat.
Only had six endpoints get flagged with this, but they've started trickling in since around 3:30pm EST today.
*Edit*
Had three more detections for the same Cloud IOC, but svchost.exe, Dell.TechHub.Instrumentation.SubAgent.dll, and sensorlogontask.exe have been listed as the parent fingerprint. Updated title to reflect this.