Meraki Community
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Thousands of Retrospective Malware Detections - W32.975C0D48C4.RET.SBX.TG

Solved
Jameson
Getting noticed
‎Apr 13 2023 7:44 AM
‎Apr 13 2023 7:44 AM

Thousands of Retrospective Malware Detections - W32.975C0D48C4.RET.SBX.TG

We are receiving thousands of (9000+ so far) retrospective malware detections as of about 10 minutes ago (4/13/2023 10:26 AM Eastern)

 

SHA256: 975c0d48c41d2ad76a242d5f7270f4bf8063bb9c753b3

Filenames: ArchiveFile and W32.975C0D48C4.RET.SBX.TG

 

All of the download locations so far appear to to be Microsoft. Some Example URLs below.

 

MERAKI AMP TEAM -- Is this legit or a false positive?????

 

VirusTotal to SHA256: VirusTotal - File - 975c0d48c41d2ad76a242d5f7270f4bf8063bb9c753b375ab2c47c9e2060f562

 

http://9.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/3d3c4265-57fd-450e-9bda-9fb5f46...

 

http://4.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/3d3c4265-57fd-450e-9bda-9fb5f46...

http://11.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/3d3c4265-57fd-450e-9bda-9fb5f4...

 

 

Labels:
0 Kudos
Subscribe
1 Accepted Solution
Jameson
Getting noticed
‎Apr 13 2023 8:28 AM
‎Apr 13 2023 8:28 AM

For most up-to-date information go to these two posts: 

Malware Detected - The Meraki Community

Security Center False Positive Alert - April 13th 2023 - The Meraki Community

 

View solution in original post

Subscribe
3 Replies 3
Jameson
Getting noticed
‎Apr 13 2023 8:28 AM
‎Apr 13 2023 8:28 AM

For most up-to-date information go to these two posts: 

Malware Detected - The Meraki Community

Security Center False Positive Alert - April 13th 2023 - The Meraki Community

 

Subscribe
Kave
Getting noticed
‎Apr 13 2023 8:28 AM
‎Apr 13 2023 8:28 AM

HI,

 I got alot of  Alert from Meraki as well, Looks like the DNS is belong to Microsoft but i am still searching.

 after tracert the last hope was:

 

a23-211-116-171.deploy.static.akamaitechnologies.com [23.211.116.171]

 

kav noroozi
0 Kudos
Subscribe
HaniAbuelkhair4
Getting noticed
‎Apr 13 2023 9:46 AM
‎Apr 13 2023 9:46 AM

HaniAbuelkhair4_0-1681404377910.png

 

0 Kudos
Subscribe
Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels
© 2024 Cisco Systems, Inc.