Malicious File Detection: APT1 Software on System

This script is Copyright (C) 2016-2017 Tenable Network Security, Inc.


Synopsis :

Nessus detected potentially unwanted files on the remote host.

Description :

The MD5 hash of one or more files on the remote Windows host matches a
signature, distributed by Mandiant, of software known to be involved in
corporate espionage by a unit called APT1.

Verify that the remote files are legitimate and authorized in your
environment.

See also :

http://www.nessus.org/u?1fa52e43
https://www.fireeye.com/current-threats/threat-intelligence-reports.html

Solution :

Uninstall the remote software if it does not match your security
policy, and investigate your network for further signs of a breach.

Risk factor :

Critical

Family: Windows

Nessus Plugin ID: 88958

Bugtraq ID:

CVE ID:
