Uthra
Message 1 of 4

Espionage, Malware-Urgent Information Required

CERT-UA (Computer Emergency Response Team of Ukraine), along with the Foreign Intelligence Service of Ukraine, announced the findings of a new variation of the Pterodo (also known as Pteradon and associated with the Gamaredon threat-group) malware found on state-owned computers in the Ukraine. This particular strain of malware is believed to be the forerunner of a cyber attack, the article indicated. The malware collects information on the infected system and sends it back to its command and control servers on a regular basis. One innovation found was that this variation included a flash drive infection vector and could infect other removable media for further distribution opportunities. Only systems whose default language was of post-Soviet state origin, such as Ukrainian, Belarusian, Russian, Armenian, Azerbaijani, Uzbek, and Tatar, appear to be targeted.

Please can you check and corroborate whether hash values have coverage in McAfee.

1 Solution

Accepted Solutions
McAfee Employee Hawkmoon
Message 4 of 4

Re: Espionage, Malware-Urgent Information Required

Hello again!

The guys in the Malware group got back to me with the following for you:

  1. 1118184D160F5F341A46130BDD2468F2 - No Sample - unable to verify coverage
  2. 1e5446a3ee1d308a89338e18f24580bd - RDN/Generic Dropper
  3. 372BF4C5942769F216316E315CC50C9D - No Sample - unable to verify coverage
  4. 605fe3746f003bce8a18be1f216afb72 - RDN/Generic.grp
  5. 649e69583e86412115ecaf926b5d2b20 - Clean
  6. 6623F573AB668B7DA9068A714968E8E9 - No Sample - unable to verify coverage
  7. 7ACB1B099ADBE17A8D5194DA2637BE51 - Artemis!7acb1b099adb
  8. 834C709455BFEFB9B0E8976BAD13A8F4 - Clean
  9. 834c709455bfefb9b0e8976bad13a8f4 - Clean
  10. 8C4A0C394F83EDC9FF45EE77982A9904 - No Sample - unable to verify coverage
  11. 8ae5f3d79c4da3741bf9388543fe7479 - Artemis!8ae5f3d79c4da
  12. A8734436C6948F6879BBA1DBA09D8810 - RDN/Generic.grp
  13. C29E524436EA9CB42F27134DE631432B - Artemis!C29E524436EA
  14. d5146737484fc5f2abb02a28b5383b30 - No Sample - unable to verify coverage
  15. e0dfc17c215b7b767370dabcb39abff8 - Artemis!e0dfc17c215b
  16. f53abf8ec98d18088ae1e65c53a38320 - Artemis!f53abf8ec98d

They suggest you call support and open a case to have more review done to help you!

Was my reply helpful?

If this information was helpful in any way or answered your question, will you please select Accept as Solution in my reply and together we can help other members?
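
An added example, not part of the original thread and not McAfee tooling: it tallies the verdict list from the reply above after lower-casing each MD5, which shows that entries 8 and 9 are the same hash and separates named detections from hashes that still lack verified coverage. The bucket names (`detected`, `clean`, `unverified`) and function names are this example's own.

```python
import re
from collections import Counter, defaultdict

# Hash and verdict text copied from the reply above (list numbering dropped).
REPLY = """\
1118184D160F5F341A46130BDD2468F2 - No Sample - unable to verify coverage
1e5446a3ee1d308a89338e18f24580bd - RDN/Generic Dropper
372BF4C5942769F216316E315CC50C9D - No Sample - unable to verify coverage
605fe3746f003bce8a18be1f216afb72 - RDN/Generic.grp
649e69583e86412115ecaf926b5d2b20 - Clean
6623F573AB668B7DA9068A714968E8E9 - No Sample - unable to verify coverage
7ACB1B099ADBE17A8D5194DA2637BE51 - Artemis!7acb1b099adb
834C709455BFEFB9B0E8976BAD13A8F4 - Clean
834c709455bfefb9b0e8976bad13a8f4 - Clean
8C4A0C394F83EDC9FF45EE77982A9904 - No Sample - unable to verify coverage
8ae5f3d79c4da3741bf9388543fe7479 - Artemis!8ae5f3d79c4da
A8734436C6948F6879BBA1DBA09D8810 - RDN/Generic.grp
C29E524436EA9CB42F27134DE631432B - Artemis!C29E524436EA
d5146737484fc5f2abb02a28b5383b30 - No Sample - unable to verify coverage
e0dfc17c215b7b767370dabcb39abff8 - Artemis!e0dfc17c215b
f53abf8ec98d18088ae1e65c53a38320 - Artemis!f53abf8ec98d
"""
LINE_RE = re.compile(r"^\s*([0-9A-Fa-f]{32}) - (.+)$", re.M)

def parse(text):
    """Return (md5, verdict) pairs with the MD5 lower-cased."""
    return [(m.group(1).lower(), m.group(2).strip()) for m in LINE_RE.finditer(text)]

def bucket(verdict):
    """Map a verdict string to a triage bucket."""
    v = verdict.lower()
    if v.startswith("no sample"):
        return "unverified"
    return "clean" if v == "clean" else "detected"

def triage(text):
    """Group unique hashes by bucket: {bucket: {md5: verdict}}."""
    out = defaultdict(dict)
    for md5, verdict in parse(text):
        out[bucket(verdict)][md5] = verdict
    return out

def duplicates(text):
    """Hashes that appear more than once when case is ignored."""
    counts = Counter(md5 for md5, _ in parse(text))
    return sorted(h for h, n in counts.items() if n > 1)

def needs_follow_up(text):  # clean or no-sample: no named detection yet
    t = triage(text)
    return sorted(set(t["clean"]) | set(t["unverified"]))
```
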

3 Replies
McAfee Employee Hawkmoon
Message 2 of 4

Re: Espionage, Malware-Urgent Information Required

Hi Uthra,

That post needs to be put in the Malware forum; this is the ePO/MA forum:

https://community.mcafee.com/t5/Malware/bd-p/malware

Please report this to the above team/URL.

McAfee Employee Hawkmoon
Message 3 of 4

Re: Espionage, Malware-Urgent Information Required

Additionally:

I spoke with the Malware team here and they have been supplied the MD5 you posted. Currently I am waiting for a reply from them about it and any details they have or have not about it for you!
