Our AMCORE Content already has coverage for it; however, to confirm it's the variant you are specifically asking about, we would need an IOC or samples from yourself.
We do have a threat advisory for Ryuk as well but we've since migrated some of our documents to another platform and right now I can't find the right link. I'll update this thread later once re-discovered 🙂
Thank you for your post! Adding to @chealey's response:
Have you had a chance to review this?
Why cannot McAfee confirm coverage based on Malware Name and why do we need a sample or Hash value?
It is very important to note that each malware under one name can have multiple variants comprising multiple files that perform different attacks at different levels. Hence, coverage needs to be confirmed using specific hashes and samples.
I hope this helps!
Our labs team are very proactive and are constantly reviewing new variants of any Malware seen. We don't just sit back and twirl our thumbs until a customer submits a sample 🙂
When customers ask us to confirm coverage, it is crucial that we get the IOC or sample they are referring to so that we can fully confirm our detection of that specific variant. Otherwise we'd just be making a very generic statement and that is of no use to anyone.
Apart from this, we have other teams who work on adding new content to other areas of the product i.e. the TIE rules for ATP or EP Content for ENS. All of these rules catch other types of intrusions and threats that can't be easily detected by content quite as easily.