IDS detecting "Malware Hash - STRRAT" originating from Hubitat IP

Never saw this before, but overnight my IDS started spewing out malware alerts with an originating IP of my Hubitat device. Hoping it's a false positive, but thought I would post as my IDS has never alerted on anything in over 12 months of it running.

signature:"ET MALWARE Hash - STRRAT (ja3)"
category:"A Network Trojan was detected"

It is likely a false positive. I use CrowdStrike and have never seen an issue.

Looks like the ruleset was just updated recently which is probably why this just started. I will continue to monitor just to be safe.

Curious what are you using? Suricata, Juniper or something else?
Thanks

Suricata on OPNsense, but it’s all good now as the updated rule was removed by the Emerging Threats team. I guess others had issues as well.
