IDS detecting "Malware Hash - STRRAT" originating from Hubitat IP

Never saw this before but my IDS overnight starting spewing out malware alerts with an originating IP of my Hubitat device. Hoping its a false positive but thought I would post as my IDS has never alerting on anything in over 12 months of it running.

signature:"ET MALWARE Hash - STRRAT (ja3)"
category:"A Network Trojan was detected"

It is likely a false positive. I use Crowdstrike and have never seen an issue.

Looks like the ruleset was just updated recently which is probably why this just started. I will continue to monitor just to be safe.

1 Like

Curious what are you using? Suricata, Juniper or something else?
Thanks

Suricata on OPNSense but it’s all good now as the updated rule was removed by the Emerging Threats team. I guess others had issues as well.

2 Likes