gyana
Level 7
Message 1 of 5

"Bioazih" Virus detect file name missing McAfee threat lab.

Hello All,

Is there any McAfee threat detection name for the Bioazih virus? Kindly let me know.

I have found some other vendors' detections:

Trojan/Win32.Npkon                  AhnLab
Trojan-Dropper.Win32.Dorifel.xag    Kaspersky
TR/Crypt.CFI.Gen                    Avira
W32/Dorifel.XAG!tr                  Fortinet
TROJ_DRPBEAT.SMA                    Trend Micro

What about McAfee?

4 Replies
Reliable Contributor exbrit
Message 2 of 5

Re: "Bioazih" Virus detect file name missing McAfee threat lab.

Moved this to Web Threats.

I see lots of entries for Dorifel in a Search at the Threat Center but nothing there for bioazih, or anything at VirusTotal.

Hopefully someone else will spot this and post.

Peter

Moderator

Reliable Contributor exbrit
Message 3 of 5

Re: "Bioazih" Virus detect file name missing McAfee threat lab.

I've done a lot of searching and, under the Kaspersky name for it, Trojan-Dropper.Win32.Dorifel.xag, I found this: RDN/Generic Dropper!36936BC284F0 | Virus Profile & Definition | McAfee Inc.

It's not easy tracking these as every maker gives them a different name, so you may have found a new variant which should be submitted if possible.

Submit a Virus or Malware Sample | McAfee Labs

Reliable Contributor Troja
Message 4 of 5

Re: "Bioazih" Virus detect file name missing McAfee threat lab.

Hi,

Do you have an MD5 hash of the malware file, or any sample available?

Cheers

Reliable Contributor Troja
Message 5 of 5

Re: "Bioazih" Virus detect file name missing McAfee threat lab.

Found an interesting article: http://blogs.technet.com/b/mmpc/archive/2015/04/13/bioazih-rat-how-clean-file-metadata-can-help-keep...

Seems like it is a sophisticated threat. The problem with such malware is that you will lose when using signature-based technology only, because signature-based technology is always reactive. You have to find "unknown" or "possible malware" files on your endpoint and submit them to the AV vendor. Afterwards you get a signature update... this takes time.

BUT, how about malware which consists of multiple files, where each file on its own is not malicious?? 😞

I checked some known MD5 hashes of "Bioazih". These files are known under an Artemis!... detection or are detected by GAM with malicious behavior.

- But what about HTTPS inspection??

Conclusion: Bioazih is not a traditional "malicious file". Bioazih is more sophisticated. You have to change your mindset of "there is a file, I have a signature and I remove it". With this mindset you will not be able to stop sophisticated threats.

If the malware is removed from your endpoint, your environment was not able to detect the multiple steps before, until the malware was activated on the endpoint.

Based on my research there are different malware samples involved in the "Bioazih environment". I think there is no answer possible to say "McAfee detection for Bioazih is XXX", because this threat consists of several files, attack methods and detection names.

Hope this helps,

Cheers
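The reply above makes two points that are easy to see in code: a hash-based indicator list only matches samples somebody has already seen, and a one-byte change to the file produces a different hash and a miss. The script below is an added example, not code from this thread or from any vendor; the sample files, their hashes and the detection label are all constructed here, so nothing in it is a real Bioazih indicator. It writes two files into a temporary directory, scans them against a blocklist keyed by MD5 and SHA-256, then appends a single byte to the "bad" sample and scans again.

```python
"""Hash-based IoC matching on a directory, and a demonstration of why it is reactive."""
import hashlib
import os
import tempfile

# Constructed sample contents. The "bad" file is a made-up byte string;
# its hashes are computed below, so nothing here is a real indicator.
SAMPLES = {
    "dropper.exe": b"MZ\x90\x00 constructed dropper body\n",
    "readme.txt": b"This is a benign document.\n",
}

# Constructed label standing in for a vendor detection name.
DEMO_LABEL = "Generic Dropper (constructed label)"


def hash_bytes(data):
    """Return (md5, sha256) hex digests of a byte string."""
    return hashlib.md5(data).hexdigest(), hashlib.sha256(data).hexdigest()


def hash_file(path, chunk_size=65536):
    """Return (md5, sha256) hex digests of a file, read in chunks so large files fit."""
    md5, sha256 = hashlib.md5(), hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            md5.update(chunk)
            sha256.update(chunk)
    return md5.hexdigest(), sha256.hexdigest()


def build_blocklist():
    """Blocklist keyed by both MD5 and SHA-256 of the constructed bad sample.
    Keying by both digests lets the scanner match whichever one a report provides."""
    md5, sha256 = hash_bytes(SAMPLES["dropper.exe"])
    return {md5: DEMO_LABEL, sha256: DEMO_LABEL}


def make_demo_directory():
    """Write the constructed samples into a fresh temporary directory."""
    directory = tempfile.mkdtemp(prefix="ioc_demo_")
    for name, content in SAMPLES.items():
        with open(os.path.join(directory, name), "wb") as fh:
            fh.write(content)
    return directory


def scan_directory(directory, blocklist):
    """Map each regular file name to its blocklist label, or None when no hash matches."""
    results = {}
    for name in sorted(os.listdir(directory)):
        path = os.path.join(directory, name)
        if not os.path.isfile(path):
            continue
        md5, sha256 = hash_file(path)
        results[name] = blocklist.get(sha256) or blocklist.get(md5)
    return results


def hits(results):
    """Names of the files that matched a blocklist entry."""
    return [name for name, label in results.items() if label]


def demo():
    """Scan once, append one byte to the bad sample (standing in for a repacked
    variant), scan again, and return the hit lists before and after."""
    blocklist = build_blocklist()
    directory = make_demo_directory()
    before = hits(scan_directory(directory, blocklist))
    with open(os.path.join(directory, "dropper.exe"), "ab") as fh:
        fh.write(b"\x00")
    after = hits(scan_directory(directory, blocklist))
    return before, after


if __name__ == "__main__":
    before, after = demo()
    print("hits before modification:", before)
    print("hits after one-byte change:", after)
```

The second scan returns no hits because the blocklist only knows the original digest; this is the reactive gap the reply describes, and it is why hash indicators are best treated as one input alongside behavioural detection rather than as the whole answer.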
