Welcome to the forums.
How to get more info about Artemis! detections (e.g. characteristics)
The short answer: There are no publicly available 'characteristics' yet.
The Long answer:
Artemis!, or more formally Global Threat Intelligence (GTI) File Reputation, detections are based on unknown 'threat behavior' where characteristics are not yet well known. So no information is available yet.
GTI File Reputation Best Practices Guide for McAfee VirusScan® Enterprise Software wrote:
With traditional protection, malware is discovered, verified by a security vendor, made available and ultimately deployed. This process can take place over several hours (or even longer), creating a protection gap.
Rather than rely solely on signature-based detection of malware where the time from discovery to protection could be hours or even longer, McAfee GTI File Reputation service provides near real-time protection by providing reputation scores for files as they are accessed or when a system is scanned, compressing the protection gap.
The GTI detections are done in the cloud by McAfee. When enough info is available, a real threat is then given a formal name, added to the signature databases, and removed from GTI detections as the signature databases are distributed to end-nodes. (Detections determined to be 'Non-threats' are simply removed from Artemis!)
Until a threat has been analyzed and given a name, its only characteristic is an Artemis!1234567890AB (12 digit hex number) based on heuristic behaviors.
Hope that helps.
Message was edited by: rmetzger (clarification) on 3/19/14 5:42:38 AM EDT
Message was edited by: rmetzger (spelling) on 3/19/14 5:46:56 AM EDT
Thanks for that!
You're welcome. Do you have a specific problem or detection?
No specific problem... just wanted to know "who" I'm facing.
When Artemis detections are researched and categorized (name given, etc.), do they put a reference to the Artemis! code that the researched threat was derived from?
Not to my knowledge. The naming sequence for Artemis! numbers is simply the MD5 hash of that file. Makes it almost impossible to replicate. However, it says nothing about the actual file in question.
If I wanted to know more about that threat, I would submit that file to VirusTotal.com and see what the 45 to 50 scan engines there say about that file. (Each company seems to like to give each threat their own name, so you have to go to each company's site to get details.)
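The two points above (the Artemis!1234567890AB tag being a 12-hex-digit value tied to the file's MD5, and checking the file's hash against other engines) can be tied together in a small triage helper. The following is an added example, not code from McAfee or from anyone in this thread. It assumes, as the thread does not state explicitly, that the 12 hex digits after "Artemis!" are the leading 12 characters of the file's MD5 digest; the log lines and file contents are constructed, and the helper only computes the full MD5 you would paste into a VirusTotal search rather than contacting any service.

```python
import hashlib
import re
from typing import Dict, List, NamedTuple

# Assumption (not stated on the page): the tag after "Artemis!" is the
# first 12 hex characters of the file's MD5 digest, upper-cased.
ARTEMIS_PREFIX = "Artemis!"
ARTEMIS_HEX_LEN = 12
ARTEMIS_RE = re.compile(r"Artemis!([0-9A-Fa-f]{12})")


class Detection(NamedTuple):
    tag: str    # the 12 hex digits as logged, normalised to upper case
    line: str   # the log line the detection came from


def md5_hex(data: bytes) -> str:
    """Full MD5 hex digest, e.g. for a VirusTotal hash search."""
    return hashlib.md5(data).hexdigest()


def artemis_tag(data: bytes) -> str:
    """Expected Artemis! name for a file under the assumption above."""
    return ARTEMIS_PREFIX + md5_hex(data)[:ARTEMIS_HEX_LEN].upper()


def parse_artemis_detections(log_lines) -> List[Detection]:
    """Pull every Artemis! detection name out of scanner log lines."""
    found: List[Detection] = []
    for line in log_lines:
        for match in ARTEMIS_RE.finditer(line):
            found.append(Detection(match.group(1).upper(), line))
    return found


def matches_file(detection_name: str, data: bytes) -> bool:
    """True if a logged Artemis! name is consistent with this file's MD5."""
    return detection_name.upper() == artemis_tag(data).upper()


def triage(log_lines, files: Dict[str, bytes]) -> List[dict]:
    """For each Artemis! detection, find which captured file it refers to
    and record the full MD5 to look up on other engines."""
    results = []
    for det in parse_artemis_detections(log_lines):
        matched = [name for name, data in files.items()
                   if matches_file(ARTEMIS_PREFIX + det.tag, data)]
        results.append({
            "tag": det.tag,
            "files": matched,
            "md5": md5_hex(files[matched[0]]) if matched else None,
            "line": det.line,
        })
    return results


# Constructed sample log lines in the rough shape of an on-access scan log.
SAMPLE_LOG = [
    "2014-03-19 05:42:38 Deleted SYSTEM C:\\Users\\test\\Downloads\\setup.exe "
    "Artemis!5D41402ABC4B (Trojan)",
    "2014-03-19 05:46:56 No Action Taken SYSTEM C:\\Windows\\Temp\\x.tmp "
    "Generic.dx (Trojan)",
]

# Constructed file contents standing in for a quarantined sample.
SAMPLE_FILES = {"setup.exe": b"hello"}

if __name__ == "__main__":
    for entry in triage(SAMPLE_LOG, SAMPLE_FILES):
        print(entry["tag"], entry["files"], entry["md5"])
```

Only lines carrying an Artemis! name are reported; a file that does not hash to the logged tag is simply not matched, which is the check to run before assuming a quarantined sample is the one the scanner flagged.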