False positive on Android Trojan

Greetings everyone,

Im writing to see what is the best way to report a false positive on a signature.

Signature: ET JA3 Hash - Trojan.AndroidOS.Jocker.snt 1

Background: Seeking advice on next steps in investigation | Netgate Forum

If needed i can provide pcaps for further analysis but this NixPlay device is performing normal lookups and the flows are safe to known endpoints.

1 Like

Thanks for your report @michmoor ! We’ll take a look.

1 Like