Probable false positive in IOC list
Yanneiff opened this issue · comments
Yanneiff commented
Hello,
First of all, thanks for sharing this Emotet IOC list.
20.190.159.23 seems to be a false positive, as it appears to be owned by Microsoft (autologon.microsoftazuread-sso.com).
Freilichtbühne commented
I also had difficulties with this, but it is only an indicator. The addresses in this repo are sometimes owned by Microsoft or others. You have to be careful with them. Most often, you should pay attention to indicators that appear at the same time.
Asheer commented
The IP is pointing to MSonline's login prompt right now.
I'm removing this from our IOC lists on account of the potential FP but will keep investigating it further.
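The triage approach discussed in this thread, as an added example that is not part of the issue or of the repository: a hit on an IOC address inside shared provider space is held at low confidence unless the same host also hits a non-shared IOC within a short window. The range in `SHARED_RANGES`, the 10-minute window, the host names and every event are assumptions constructed for the illustration; only 20.190.159.23 comes from the thread.

```python
import ipaddress
from datetime import datetime, timedelta

# Assumption: an illustrative range chosen to contain the IP from this thread.
# It is not taken from a published list; load the provider's own ranges in practice.
SHARED_RANGES = [ipaddress.ip_network("20.190.128.0/18")]

# Constructed IOC list: the IP from the thread plus two documentation-range addresses.
IOCS = {"20.190.159.23", "203.0.113.10", "198.51.100.7"}

# Constructed connection log: (timestamp, source host, destination IP).
SAMPLE_EVENTS = [
    ("2024-01-01T09:00:00", "ws-01", "20.190.159.23"),
    ("2024-01-01T09:05:00", "ws-02", "20.190.159.23"),
    ("2024-01-01T09:07:30", "ws-02", "203.0.113.10"),
    ("2024-01-01T09:08:00", "ws-03", "192.0.2.55"),
    ("2024-01-01T11:00:00", "ws-01", "198.51.100.7"),
]


def is_shared(ip):
    """True if the address falls inside a range treated as shared infrastructure."""
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in SHARED_RANGES)


def triage(events, iocs, window=timedelta(minutes=10)):
    """Return (host, ip, verdict) for every event whose destination is in the IOC list."""
    hits = [(datetime.fromisoformat(ts), host, ip)
            for ts, host, ip in events if ip in iocs]
    verdicts = []
    for ts, host, ip in hits:
        if not is_shared(ip):
            verdicts.append((host, ip, "alert"))
            continue
        # Shared-infrastructure hit: needs a non-shared IOC hit from the
        # same host within the window before it is treated as an alert.
        corroborated = any(
            h == host and not is_shared(other) and abs(t - ts) <= window
            for t, h, other in hits
        )
        verdicts.append(
            (host, ip, "alert-corroborated" if corroborated else "low-confidence"))
    return verdicts


if __name__ == "__main__":
    for verdict in triage(SAMPLE_EVENTS, IOCS):
        print(verdict)
```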