[clamav-users] Goldeneye ransomware
Jack
jack at malwarefor.me
Thu Dec 8 20:38:28 UTC 2016
In addition to SaneSecurity, here is another third-party repo of sigs (updated often) that catches these docs:
https://github.com/wmetcalf/clam-punch/blob/master/miscreantpunch099.ldb
Please feel free to reach out with any questions or concerns!
Jack
> On Dec 8, 2016, at 9:53 AM, Matteo Dessalvi <m.dessalvi at gsi.de> wrote:
>
> Hi all.
>
> In the last couple of days our Human Resources
> have received a bunch of email with this kind of
> ransomware attached (as Excel file) and ClamAV
> was unfortunately unable to stop it.
>
> Anybody stumbled upon it recently? If yes, did
> you create your own signature for it?
>
> I have just submitted a report through:
> https://www.clamav.net/reports/malware
>
> More details here:
>
> https://www.heise.de/newsticker/meldung/Goldeneye-Ransomware-Die-Bedrohung-erkennen-Mitarbeiter-warnen-Infektion-verhindern-3564252.html
>
> (sorry, it is only in German but I guess Google
> Translate should work pretty well on it).
>
> I also ran a quick analysis on Malwr:
> https://malwr.com/analysis/Y2VhYWNjZTk3NWFhNGRhMDg5OWYwY2E5MzdjNDA2M2I/
>
> Best regards,
> Matteo
>