3 Replies Latest reply on May 18, 2016 9:18 AM by andy777

    SIEM: njRAT traffic detected

    kpd

      We have a SIEM in our environment that we're currently tuning and part of that process is reducing the noise in our console.

      One offense I've been working on is: Malware: njRAT traffic detected.

      This is the only alert I've found. The source IP and destination IP are both NOT in my network. Below is the screenshot of the same.

       

      NJ.png

      Here are my concerns:

      1. I am not sure why I am getting this alert, as none of the IPs belong to my network.

      2. Has the RAT installed a backdoor in my system? If yes, how am I going to remove that (as I am not sure about the system it has compromised)?