
wildfire-virus threatID 602574714 false positive ?

L1 Bithead

Good Morning,

Has anyone had WildFire-Virus threat events with the following threat ID: 602574714?

 

Antivirus Signatures (showing 1 to 1 of 1 rows)

Signature:
Name: Virus/Win32.WGeneric.ebefcf
Unique Threat ID: 602574714
Create Time: 2023-08-31 10:08:10 (UTC)

Release:
Threat ID: n/a
Current Release: n/a
First Release: n/a

Hashes:
21219d0038484fdd61b220f7d30b774b6216426f80fc8b2855032c5984410b65

WildFire Signatures (showing 1 to 1 of 1 rows)

Signature:
Name: Virus/Win32.WGeneric.ebefcf
Unique Threat ID: 602574714
Create Time: 2023-08-31 10:08:10 (UTC)

Release:
Threat ID: n/a
Current Release: n/a
First Release: 799306 (2023-08-31 UTC)

Hashes:
21219d0038484fdd61b220f7d30b774b6216426f80fc8b2855032c5984410b65

 

For the past few days we have been seeing a large number of alerts about threats detected by wildfire-virus, related to traffic detected as the ms-update or web-browsing application, default action reset-both. The downloaded files are JavaScript files named in the form taskpane_xxxxxxxxxxxxxxx.js or index_xxxxxxxxxxxxxxxxxxxxxxx.js.
The public IP addresses they connect to are mainly akamaitechnologies.com or others, but after checking them on VirusTotal or Cisco Talos they do not show any threats.
Has anyone observed similar events on the Palo Alto Firewall?

 

Best Regards

 
