Hi, we found some connections from one of our devices using rutserv.exe to 126.96.36.199 on port 5655. Our SOC flagged this as possibly malicious, because this IP is mentioned in a few places as an IoC for Log4j C2 and in custom detections. Is it a verified RU IP?
Yes, this is one of our servers. The reason your security software says that it might be malicious is that someone may use our legitimate software for malicious purposes, and that use was detected. However, this doesn't make the server itself or the software malicious (which is pretty hard to explain to security experts given their level of paranoia :) ).
In other words, the fact that hackers use Windows or Linux to build viruses doesn't make these OSes malicious per se. Unfortunately, modern security software is mostly "reputation-based" and immediately flags benign software as a virus or "suspicious" if it was used at least once in some illegal activity (see "technical support scam").