Good Day Team!
I hope You are all doing well!
We have a detection re: a remote ip attempting to connect to a certain server which hit the rule Suspicious Code in GIF File Detection.
We have blocked the ip, however, the detection has:
Threat Category: downloader
PA Subtype (custom): spyware
wherein we are currently in a dilemma if the former remediation is enough due to the lesser knowledge of the
logic of the Suspicious Code in GIF File rule.
Does this detection (Suspicious Code in GIF File):
- Scans/Detect network traffic, or
- it scans file.
Please kindly let me know if You have any questions or clarification of this inquiry.
Thank You!