English Forums > Intrusion Detection and Prevention
ETPRO TROJAN Observed Malicious SSL Cert
(1/1)
jaj1105:
Hi all,
I have a lot of blocked alert from rules SID 2843255 (AZORult CnC) and 2837244 (Coinminer JS Host) on port 443.
The destinations OS is: Windows, Mac OSX, IOS, Linux, Android...
Is it a malware or only bad web navigation?
Thanks for your help!
Best regards,
Joseph
FullyBorked:
--- Quote from: jaj1105 on July 02, 2020, 09:41:12 pm ---Hi all,
I have a lot of blocked alert from rules SID 2843255 (AZORult CnC) and 2837244 (Coinminer JS Host) on port 443.
The destinations OS is: Windows, Mac OSX, IOS, Linux, Android...
Is it a malware or only bad web navigation?
Thanks for your help!
Best regards,
Joseph
--- End quote ---
Without more info it's hard to say. If you just saw the alerts once I would say it's possible it was simply a bad hit on a website. However if you are seeing this regularly you may have malware. Regardless I would check the client machine that triggered the alarm for malware.
Navigation
[0] Message Index
Go to full version