False positives in subdomain
pcebrianz opened this issue · 1 comments
pcebrianz commented
Hi team, thanks for your work as always.
We have detected a high number of false positives regarding the following indicator:
jspassport[.]ssl[.]qhimg[.]com[.]
Apparently the C2 Server you detected it is on:
jspassport[.]ssl[.]qhimg[.]com[.]dsa[.]dnsv1[.]com[.]cn
This is already on your domain list.
Could you please check this?
Best regards
drb-ra commented
Thank you for reporting it! Given where it's used in the C2 configuration it will be filtered. New feeds should update shortly.