Level 9
Message 1 of 21

Malware Coverage Details

Is this the right place to post queries on malware coverage?

9 Solutions

Accepted Solutions
McAfee Employee
Message 12 of 21

Hi @summaji,

Sure thing! JS/Miner.af (trojan) is the detection name, and once again this is more of a recently identified detection and hence is not yet added in the DAT/Amcore content. This detection is done by Artemis/GTI.

I sincerely hope this helps!

Was my reply helpful?
If you find this post useful, Please give it a Kudos! Also, Please don't forget to select "Accept as a solution" if this reply resolves your query!

Thanks and regards,
Adithyan T

McAfee Employee
Message 14 of 21

Hi @summaji,

This is also pretty much the same as the previous one in terms of detection component/technology.

Detection name:  JS/Iframe.AE (trojan)

Detection Technology: Artemis/GTI

I sincerely hope this helps! Feel free to post more if you have... You can place more than one hash after consolidating them together and I can search the list for you. That way, it is much easier for you to obtain answers in bulk rather than individual posts!

Was my reply helpful?
If you find this post useful, Please give it a Kudos! Also, Please don't forget to select "Accept as a solution" if this reply resolves your query!

Thanks and regards,
Adithyan T

Re: Malware Coverage Details

Next one is below -

Exploit:HTML/IframeRef.gen - 8a7697b984661861ea830d15f1147199

McAfee Employee
Message 16 of 21

Hi @summaji,

Thank you for your post. The detection name is as follows:

Exploit-IFrame.gen.ak (trojan)

This is again an Artemis/GTI based detection not included in DAT yet. Hope this helps!

Was my reply helpful?
If you find this post useful, Please give it a Kudos! Also, Please don't forget to select "Accept as a solution" if this reply resolves your query!

Thanks and regards,
Adithyan T

McAfee Employee
Message 19 of 21

Hi @summaji,

Thank you for your time. I am afraid we do not have a detection for the below hashes, however with a Support request and necessary details, we can certainly generate one for you!

  • 6e1fd7e12e5a3be4da19476607498a33
  • b6de95d9707721e5f8752808dc50f860

Please note that we do have a sample available; however, without a reliable IOC/Threat research document, we may not be able to generate detection for these files.

For the remaining hashes, the detections are all based on GTI/Artemis and the details are as follows:

4b94e86dc87015ab7cef61fec8357652 - JS/Miner.ag (trojan)

086767386629879f4004e0f0b3c56005 - JS/Miner.ck

f4de761973ac51c4cc2ac5ca8dec4873 - W32/Ramnit.a!htm

I sincerely hope this helps!

Was my reply helpful?
If you find this post useful, Please give it a Kudos! Also, Please don't forget to select "Accept as a solution" if this reply resolves your query!

Thanks and regards,
Adithyan T

20 Replies

McAfee Employee
Message 2 of 21

Hi @summaji,

Thank you for your query here! Yes, you can post your queries on coverage information. However, for files that we do not have any coverage for or vulnerabilities that have no publicly available information on coverage, we would strongly recommend creating a Service Request with us for investigating the same.

Was my reply helpful?
If you find this post useful, Please give it a Kudos! Also, Please don't forget to select "Accept as a solution" if this reply resolves your query!

Thanks and regards,
Adithyan T

Level 9
Message 3 of 21

That was a faster response than I expected, thank you.

I have a long list of malwares and their hashes, I will start with this -

Emotet - 7c401bde8cafc5b745b9f65effbd588f 34c10ae0b87e3202fea252e25746c32d

McAfee Employee
Message 4 of 21

Hi @summaji,

Thank you for your response and feedback!

For the below Hashes:

7c401bde8cafc5b745b9f65effbd588f - Generic.VD

34c10ae0b87e3202fea252e25746c32d - Trojan-FFMB!34C10AE0B87E

Both these files are covered by McAfee ENS and VSE via their DAT updates:

*Note: They seem to be very old Malware files. May I know if there is any active infection or you are looking for coverage information to ensure you are protected?

Was my reply helpful?
If you find this post useful, Please give it a Kudos! Also, Please don't forget to select "Accept as a solution" if this reply resolves your query!

Thanks and regards,
Adithyan T

Level 9
Message 5 of 21

Wouldn't be on forums if our systems were affected 🙂

Next one is miner.ck - e2a6d049f57a1cc7b43f8e605068aced

McAfee Employee
Message 6 of 21

Hi @summaji,

Could not keep myself from kudoing that response though! 😄

Back to the coverage request: the below hash has coverage based on GTI/ARTEMIS. That is, we do not have coverage via DAT, which can be obtained via a Service Request with us.

However, if the GTI/Artemis feature is enabled on your endpoint, and with an active Internet connection to our GTI servers, you are protected by us from this malware.

MD5: e2a6d049f57a1cc7b43f8e605068aced

Detection Name: JS/Miner.ck

Please create a Service Request with us so that I can request our labs team to generate coverage via DAT as well if you need the same.

Was my reply helpful?
If you find this post useful, Please give it a Kudos! Also, Please don't forget to select "Accept as a solution" if this reply resolves your query!

Thanks and regards,
Adithyan T

Level 9
Message 7 of 21

Noted, thanks for taking time doing this tedious task.

Next ramnit.a!htm - b8e8ecaf1246f013747d3c2c9e35f6ab

McAfee Employee
Message 8 of 21

Hi @summaji,

Thank you for your update. Looks like this one also has the same kind of detection. That is, we do not have coverage in DAT/AMCore; however, having GTI/Artemis ON should help in detecting it.

MD5: b8e8ecaf1246f013747d3c2c9e35f6ab

Detection name: W32/Ramnit.a!

I sincerely hope this helps!

Was my reply helpful?
If you find this post useful, Please give it a Kudos! Also, Please don't forget to select "Accept as a solution" if this reply resolves your query!

Thanks and regards,
Adithyan T

Level 9
Message 9 of 21

Next

Artemis!41A005C7C493 - 40fa849d4a6b7aa7231b4d9b4c6ae04e

McAfee Employee
Message 10 of 21

Hi @summaji,

Thanks for your response. This one is a bit interesting: the name you have given as detection for this file is actually a detection name of McAfee Endpoint Security. This file is detected by Artemis. However, we do not have a sample with us and hence there is no DAT-based detection available.

MD5: 40fa849d4a6b7aa7231b4d9b4c6ae04e

Detection name: Artemis!41A005C7C493

Detection technology - GTI/Artemis

Was my reply helpful?
If you find this post useful, Please give it a Kudos! Also, Please don't forget to select "Accept as a solution" if this reply resolves your query!

Thanks and regards,
Adithyan T
