Today's incident: SIEM detects suspicious user-agent.

Tracing through the events, it looks like the cause is a user using a Chinese browser to read Chinese books.

@munin tell me about it. The number of times I've seen "MALWARE CNC <malware x> User Agent" and it's turned out to be the original legit software that the malware was spoofing...
@munin ... number of times I can recall it turning out to be actual malware: 0.