I’ve started seeing a sudden influx of alerts matching a hash from Malware Bazaar related to notepad.exe…from what I’m observing though, it appears to be a false positive but wanted to reach out to the community here to see if anyone else has noticed it.
Hi Scott,
which alert fired exactly? Was this a builtin detection? Malicious Hash on asset or perhaps a Community Threat alert?
David
Sorry - should’ve included that. It was a process hash based on the threat feed from malware bazaar. Not seeing it hit anywhere else like VT or others but never know