False positive on Android Trojan

michmoor · October 19, 2023, 2:00pm

Greetings everyone,

Im writing to see what is the best way to report a false positive on a signature.

Signature: ET JA3 Hash - Trojan.AndroidOS.Jocker.snt 1

If needed i can provide pcaps for further analysis but this NixPlay device is performing normal lookups and the flows are safe to known endpoints.

rgonzalez · October 19, 2023, 7:34pm

Thanks for your report @michmoor ! We’ll take a look.

Topic		Replies	Views
Possible FP: ET JA3 Hash - [Abuse.ch] Possible Adwind Feedback & Support etopen	3	515	July 14, 2023
Possible FP - JA3 Hash - [Abuse.ch] Possible Adware Rule Signatures etopen	1	323	August 1, 2023
Signature: ET TROJAN Possible HijackLoader Second Stage PNG Rule Signatures	5	276	March 21, 2024
Possible FP: ET MALWARE Sourtoff Receiving Simda Payload Rule Signatures etopen	4	297	July 7, 2023
NEW SIG: ET TROJAN Falsefont.Backdoor APT33 Initial Handshake Rule Signatures	1	212	March 22, 2024