Analysis Report
TROJAN Unrecom Style External IP Check
Description
- This alert indicates that a Java-based application is attempting to check the public IP of the host it is currently running on by communicating with checkip.amazonaws.com. This method of IP check is known to be associated with malware attempting to determine the IP of the host it has infected.
Vector
- HTTP, Port 80
Known False Positive Indicators
- To determine whether this alert has tripped falsely, the application on the host that generated the alert needs to be identified. If the application is legitimate software that is expected to be on the host, then it is likely a false positive.
Affected Host
- Any/All
Classification
- Malware
Sentinel Signature
- TROJAN Unrecom Style External IP Check
DNS Calls
- No correlating DNS request
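
A triage sketch for the false-positive check described above, added here as an example and not part of the signature or the original report: it lists the hosts whose HTTP requests fit the alert's description so the Java application on each can be identified. The log format, the sample lines and the `Java/` User-Agent prefix are assumptions, not values taken from the signature.

```python
import re
from collections import defaultdict

# Constructed sample lines (assumed format): src_ip dst_host dst_port "user-agent"
SAMPLE_LOG = """\
10.0.5.21 checkip.amazonaws.com 80 "Java/1.8.0_181"
10.0.5.21 checkip.amazonaws.com 80 "Java/1.8.0_181"
10.0.7.40 checkip.amazonaws.com 80 "curl/7.68.0"
10.0.9.12 checkip.amazonaws.com 443 "Java/11.0.2"
10.0.3.8 CheckIP.amazonaws.com. 80 "Java/1.7.0_79"
10.0.3.9 checkip.amazonaws.com.example.net 80 "Java/1.8.0_181"
malformed line
"""

LINE_RE = re.compile(r'^(\S+)\s+(\S+)\s+(\d+)\s+"([^"]*)"$')
TARGET_HOST = "checkip.amazonaws.com"  # from the alert description
TARGET_PORT = 80                       # from the alert vector
JAVA_UA_PREFIX = "java/"               # assumption: default Java HTTP client User-Agent


def matching_hosts(log_text):
    """Return {src_ip: hit_count} for requests that fit the alert's description."""
    hits = defaultdict(int)
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # skip lines that do not fit the assumed format
        src, host, port, ua = m.groups()
        # Normalise case and a trailing dot so the host comparison is exact,
        # not a substring match that look-alike domains could satisfy.
        host = host.lower().rstrip(".")
        if (host == TARGET_HOST
                and int(port) == TARGET_PORT
                and ua.lower().startswith(JAVA_UA_PREFIX)):
            hits[src] += 1
    return dict(hits)


if __name__ == "__main__":
    for src, count in sorted(matching_hosts(SAMPLE_LOG).items()):
        print(f"{src}: {count} request(s); identify the Java application on this host")
```
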