Hi to all of you,
as you can see from the following pics we have a client, inside our network, that is communicating with a botnet called Kelihos.
I made a search and the traffic passed over HTTPS.
I have the following questions:
How can I be sure that the IP mentioned is really part of a botnet?
I made a search on VirusTotal and http://www.threatstop.com/
and the IP is not mentioned.
I ran Malwarebytes + NOD32 and they didn't find any trace of malware.
How can I be sure that the client has no infection even if the antivirus installed (ESET NOD32) confirms that the system is clean?