Multiple endpoints flagged with Cloud IOC: W32.RubeusMalware.ioc

vendeville_lj
Level 1

We've started getting googleupdate.exe popping up in the dashboard as Cloud IOC: W32.RubeusMalware.ioc, starting this afternoon. Neither the actual detection (352d9f7ed7f0d463aeb21597d6cf1492df34f622027a853a6e861c54434e6caa) nor the parent (googleupdate.exe - 07034876b9ec0b59432b96fedb7e10e332440159f9802faad5f5b99f01885f6b) are showing in VirusTotal, and I'm trying to determine if this is a false positive or an actual threat.

Only had six endpoints get flagged with this, but they've started trickling in since around 3:30pm EST today.

*Edit*

Had three more detections for the same Cloud IOC, but svchost.exe, Dell.TechHub.Instrumentation.SubAgent.dll, and sensorlogontask.exe have been listed as the parent fingerprint. Updated title to reflect this.
