We are receiving thousands of (9000+ so far) retrospective malware detections as of about 10 minutes ago (4/13/2023 10:26 AM Eastern)
SHA256: 975c0d48c41d2ad76a242d5f7270f4bf8063bb9c753b3
Filenames: ArchiveFile and W32.975C0D48C4.RET.SBX.TG
All of the download locations so far appear to be Microsoft. Some example URLs below.
MERAKI AMP TEAM -- Is this legit or a false positive?????
VirusTotal to SHA256: VirusTotal - File - 975c0d48c41d2ad76a242d5f7270f4bf8063bb9c753b375ab2c47c9e2060f562
http://9.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/3d3c4265-57fd-450e-9bda-9fb5f46...
http://4.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/3d3c4265-57fd-450e-9bda-9fb5f46...
http://11.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/3d3c4265-57fd-450e-9bda-9fb5f4...
For most up-to-date information go to these two posts:
Malware Detected - The Meraki Community
Security Center False Positive Alert - April 13th 2023 - The Meraki Community
Hi,
I got a lot of alerts from Meraki as well. Looks like the DNS belongs to Microsoft, but I am still searching.
After tracert, the last hop was:
a23-211-116-171.deploy.static.akamaitechnologies.com [23.211.116.171]