Is McAfee ENS (10.7) currently strong against attacks from Vyveva, the new variant of Lazarus?
I just got the news from here: https://www.bleepingcomputer.com/news/security/north-korean-hackers-use-new-vyveva-malware-to-attack...
because our customer wants to make sure their environment is safe from this attack using McAfee ENS.
SHA-1 Filename ESET detection name Description
DAD50AD3682A3F20B2F35BE2A94B89E2B1A73067 powerctl.exe Win32/NukeSped.HX Installer
69529EED679B0C7F1ACC1FD782A4B443CEC0CF83 powerctl.dll Win32/NukeSped.HX Loader (x86)
043ADDFB93A10D187DDE4999D78096077F26E9FD wwanauth.dll Win64/NukeSped.EQ Loader (x64)
1E3785FC4FE5AB8DAB31DDDD68257F9A7FC5BF59 wwansec.dll Win32/NukeSped.HX Loader (x86)
4D7ADD8145CB096359EBC3E4D44E19C2735E0377 msobjs.drx - Backdoor (encrypted)
92F5469DBEFDCEE1343934BE149AFC1241CC8497 msobjs.drx Win32/NukeSped.HX Backdoor (decrypted with fixed MZ header)
A5CE1DF767C89BF29D40DC4FA6EAECC9C8979552 JET76C5.tmp - Backdoor Tor library (encrypted)
66D17344A7CE55D05A324E1C6BE2ECD817E72680 JET76C5.tmp Win32/NukeSped.HY Backdoor Tor library (decrypted with fixed MZ header)
Hi @Dwee ,
I've looked up those hash values, but currently McAfee is unable to source the samples in public.
In case these samples become available eventually, we shall review and add to coverage if malicious.
Thanks for your response. So in the meantime, what do you suggest as the answer for me to give to my customer? This one, the Lazarus one? https://kc.mcafee.com/corporate/index?page=content&id=KB94170&locale=en_US
Or just say that the McAfee team is still investigating this new threat?
Thanks for your post.
I would like to request that you please open a Service Request with the Support Team.