Clarified IP URL in memory message

cuckoosandbox · Mar 3, 2019 · dc5a851 · dc5a851
1 parent f95987c
commit dc5a851
Showing 1 changed file with 1 addition and 1 deletion.
diff --git a/modules/signatures/windows/memdump_urls.py b/modules/signatures/windows/memdump_urls.py
@@ -71,7 +71,7 @@ def on_complete(self):
 
 class ProcMemDumpIPURLs(Signature):
     name = "memdump_ip_urls"
-    description = "Found IP Address URLs in process memory dump potentially indicative of C2 as normally domain names would be used"
+    description = "Found URLs in memory pointing to an IP address rather than a domain (potentially indicative of Command & Control traffic)"
     severity = 3
     categories = ["unpacking", "c2"]
     authors = ["Kevin Ross"]