Is there any McAfee threat detection name for the Bioazih virus? Kindly let me know.
I have found some other vendors' detections.
What about McAfee?
Moved this to Web Threats.
I see lots of entries for Dorifel in a Search at the Threat Center but nothing there for bioazih, or anything at VirusTotal.
Hopefully someone else will spot this and post.
I've done a lot of searching, and under the Kaspersky name for it, Trojan-Dropper.Win32.Dorifel.xag, I found this: RDN/Generic Dropper!36936BC284F0 | Virus Profile & Definition | McAfee Inc.
It's not easy tracking these as every maker gives them a different name, so you may have found a new variant which should be submitted if possible.
Found an interesting article: http://blogs.technet.com/b/mmpc/archive/2015/04/13/bioazih-rat-how-clean-file-metadata-can-help-keep...
It seems like it is a sophisticated threat. The problem with such malware is that you will lose when using a signature-based technology only, because signature-based technology is always reactive. You have to find "unknown" or "possible malware files" on your endpoint and submit them to the AV vendor. Afterwards you get a signature update... this takes time.
BUT, how about malware which consists of multiple files where each file on its own is not malicious?? 😞
I checked some known MD5 hashes of "Bioazih". These files are known as an Artemis!... detection or are detected by GAM with malicious behavior.
- But what about HTTPS inspection??
Conclusion: Bioazih is not a traditional "malicious file". Bioazih is more sophisticated. You have to change your mindset of "there is a file, I have a signature and I remove it". With this mindset you will not be able to stop sophisticated threats.
If the malware is removed from your endpoint, your environment was not able to detect the multiple steps before the malware was activated on the endpoint.
Based on my research there are different malware samples involved in the "Bioazih environment". I think there is no answer possible to say "McAfee detection for Bioazih is XXX", because this threat consists of several files, attack methods and detection names.
Hope this helps,
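Two posts above make the same practical point: vendors name the same sample differently (Kaspersky's Dorifel.xag shows up at McAfee as RDN/Generic Dropper!36936BC284F0), and "the" McAfee name for Bioazih does not exist because several samples and several detection names are involved. The script below is an added example, not code from the thread or from any vendor: it takes per-vendor detection names for a set of samples (the hashes are placeholders and the vendor mapping is constructed to mirror the naming styles quoted above), extracts a family token from each name with a stated heuristic, and then answers "for every sample that anyone tags as family X, what does vendor Y call it?" mechanically rather than by eye.

```python
"""Cross-vendor detection-name correlation for a set of samples.

Added example (not from the original thread). The family-extraction
rule is an assumption, not any vendor's documented naming scheme.
"""
import re

# Tokens that name a malware type, platform or generic verdict rather than
# a family. Extend as needed; this list is an assumption for the example.
NON_FAMILY_TOKENS = {
    "trojan", "dropper", "backdoor", "generic", "gen", "malware",
    "variant", "rdn", "artemis", "heur", "suspicious", "agent", "win", "w32",
}


def family_tokens(detection_name):
    """Return the family-like tokens of a vendor detection name.

    Heuristic: split on punctuation, lowercase, then drop type/platform
    words, anything containing a digit (Win32, hash suffixes such as
    Artemis!<hash> or RDN/...!<hash>), and tokens of three characters or
    fewer, which are almost always variant letters ("A", "xag").
    Caveat: a family whose name contains a digit would be dropped too.
    """
    tokens = re.split(r"[^A-Za-z0-9]+", detection_name.lower())
    return {
        t for t in tokens
        if t
        and t not in NON_FAMILY_TOKENS
        and not any(c.isdigit() for c in t)
        and len(t) > 3
    }


def families_by_sample(results_by_hash):
    """Map each sample to the union of family tokens any vendor assigned it."""
    out = {}
    for sample, per_vendor in results_by_hash.items():
        fams = set()
        for name in per_vendor.values():
            fams |= family_tokens(name)
        out[sample] = fams
    return out


def detections_for_family(results_by_hash, family, vendor):
    """For every sample that at least one vendor labels `family`, return
    what `vendor` called it (None when that vendor had no detection).
    This is the question "what is McAfee's name for Bioazih?" made precise:
    the answer is per sample, and may differ from sample to sample."""
    family = family.lower()
    hits = {}
    for sample, fams in families_by_sample(results_by_hash).items():
        if family in fams:
            hits[sample] = results_by_hash[sample].get(vendor)
    return hits


# Constructed sample data: placeholder sample ids, and per-vendor names that
# mirror the naming styles quoted in the thread. Not real scan results.
SAMPLES = {
    "sample-1": {
        "Kaspersky": "Trojan-Dropper.Win32.Dorifel.xag",
        "McAfee": "RDN/Generic Dropper!36936BC284F0",
        "Microsoft": "Backdoor:Win32/Bioazih.A",
    },
    "sample-2": {
        "Microsoft": "Backdoor:Win32/Bioazih.B",
        "McAfee": "Artemis!0123456789AB",
    },
    "sample-3": {
        "Kaspersky": "Trojan-Dropper.Win32.Dorifel.abc",
        "Symantec": "Trojan.Gen",
    },
}


if __name__ == "__main__":
    for fam in ("bioazih", "dorifel"):
        for sample, name in detections_for_family(SAMPLES, fam, "McAfee").items():
            print(f"{fam:8} {sample}: McAfee -> {name}")
```

On the constructed data the "bioazih" query returns two different McAfee names (a generic RDN dropper signature and an Artemis cloud-reputation hit) and the "dorifel" query returns one sample McAfee does not detect at all, which is exactly the situation the post describes: the useful output is a per-sample table, not a single name. Feeding real results in means replacing SAMPLES with the per-vendor verdicts from your own scan reports; the heuristic in family_tokens will need tuning for families whose names contain digits.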