[clamav-users] Grizzly Steppe
TR Shaw
tshaw at oitc.com
Wed Jan 4 22:17:58 UTC 2017
Doesn’t detect to RAT
Al, if you don’t want to run my unofficial sigs I would be happy to provide them to Joel for incorporation into official db.
> On Jan 4, 2017, at 5:12 PM, Al Varnell <alvarnell at mac.com> wrote:
>
> Can somebody with access to those samples run them against a virgin ClamAV signature database to answer the question? I'd be happy to if there are samples I can access.
>
> -Al-
>
> On Wed, Jan 04, 2017 at 07:33 AM, TR Shaw wrote:
>>
>> I added detection in winnow_extended_malware.hdb, which is distributed in the sanesecurity feed, the day after the JAR was released. I also searched for the RAT and added signatures for that as well in winnow_malware_links.ndb
>>
>> Signatures are identified as winnow.Trojan.GRIZZLY_STEPPE.<identifier>
>>
>> Tom
>>
>>
>>> On Jan 4, 2017, at 10:26 AM, Andrew McGrath <andrew at checkout51.com> wrote:
>>>
>>> I'm being asked a question by our security team that I am struggling
>>> to answer. The question is "Does ClamAV detect Grizzly Steppe?".
>>>
>>> I've hunted around the archives, support pages and google, but do not
>>> see any discussion about this, could anyone comment?
>>>
>>> Thank you!
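Added example, not code from the thread, from ClamAV or from the Sanesecurity/winnow feeds: a minimal model of the two signature formats the thread names, .hdb (whole-file MD5 hash, used for the JAR) and .ndb (body hex pattern, used for the RAT links), to show why a hash entry and a body entry are usually shipped together. The sample bytes, the signature names (Example.Trojan.GRIZZLY_DEMO, Example.Heuristic.ZipHeader) and the callback URL are all constructed for the example; the hex-pattern matcher covers only literal bytes, `??` and `*`, a small subset of ClamAV's real syntax.

```python
"""Minimal model of ClamAV .hdb (MD5) and .ndb (body hex) signatures.
Added example; not code from the thread, ClamAV or the winnow feeds."""
import hashlib
import re

# Constructed stand-in for a malicious JAR: a ZIP local-file header plus a
# hypothetical callback URL. Not a real Grizzly Steppe sample.
SAMPLE = (b"PK\x03\x04" + b"\x00" * 16
          + b"http://c2.example.invalid/check.php" + b"\x00" * 8)

# Hypothetical name in the winnow.Trojan.GRIZZLY_STEPPE.<identifier> style.
SIG_NAME = "Example.Trojan.GRIZZLY_DEMO"


def make_hdb(data: bytes, name: str) -> str:
    """One .hdb line: MD5:FileSize:MalwareName. Matches only the exact file."""
    return f"{hashlib.md5(data).hexdigest()}:{len(data)}:{name}"


def make_ndb(hexsig: str, name: str, target: int = 0, offset: str = "*") -> str:
    """One .ndb line: MalwareName:TargetType:Offset:HexSignature.
    target 0 = any file type; offset '*' = anywhere, else a byte position."""
    return f"{name}:{target}:{offset}:{hexsig}"


def hdb_matches(sig: str, data: bytes) -> bool:
    md5, size, _name = sig.split(":", 2)
    if size != "*" and int(size) != len(data):
        return False  # cheap size check first, then the hash
    return hashlib.md5(data).hexdigest() == md5.lower()


def _hex_to_regex(hexsig: str) -> "re.Pattern[bytes]":
    """Translate the subset of ClamAV hex syntax used here: literal bytes,
    '??' (exactly one wildcard byte) and '*' (zero or more bytes)."""
    parts = []
    for tok in re.findall(r"\?\?|\*|[0-9a-fA-F]{2}", hexsig):
        if tok == "??":
            parts.append(b".")
        elif tok == "*":
            parts.append(b".*?")
        else:
            parts.append(re.escape(bytes.fromhex(tok)))
    return re.compile(b"".join(parts), re.DOTALL)


def ndb_matches(sig: str, data: bytes) -> bool:
    _name, _target, offset, hexsig = sig.split(":")[:4]
    rx = _hex_to_regex(hexsig)
    if offset == "*":
        return rx.search(data) is not None
    return rx.match(data, int(offset)) is not None


def scan(db_lines: list, data: bytes) -> list:
    """Return (kind, name) for each signature in db_lines that fires.
    A line is treated as .hdb if it starts with a 32-char hex MD5, else .ndb."""
    hits = []
    for line in db_lines:
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        if re.fullmatch(r"[0-9a-fA-F]{32}:.*", line):
            if hdb_matches(line, data):
                hits.append(("hdb", line.split(":", 2)[2]))
        elif ndb_matches(line, data):
            hits.append(("ndb", line.split(":", 1)[0]))
    return hits


# Hash entry for the exact sample (what the .hdb for the JAR would carry).
HDB_LINE = make_hdb(SAMPLE, SIG_NAME)
# Body entry: "http://" ... "/check.php" with a '*' gap so the host may vary.
NDB_URL = make_ndb("687474703a2f2f*2f636865636b2e706870", SIG_NAME)
# Header check anchored at offset 0 ("PK\x03\x04").
NDB_ZIP = make_ndb("504b0304", "Example.Heuristic.ZipHeader", offset="0")
DB = [HDB_LINE, NDB_URL, NDB_ZIP]


def demo() -> dict:
    """One appended byte or a changed C2 host defeats the hash signature;
    the body signatures still fire. This is why .hdb and .ndb are paired."""
    tampered = SAMPLE + b"\x00"
    rehosted = SAMPLE.replace(b"c2.example.invalid", b"x.invalid")
    return {
        "original": scan(DB, SAMPLE),
        "tampered": scan(DB, tampered),
        "different_host": scan(DB, rehosted),
    }


if __name__ == "__main__":
    for case, hits in demo().items():
        print(case, "->", hits)
```

To run the real check the thread is about, point clamscan at the unofficial files only, e.g. `clamscan -d winnow_extended_malware.hdb -d winnow_malware_links.ndb sample.jar`, and compare with a run against the stock database directory; `sigtool --find-sigs='GRIZZLY_STEPPE'` lists the matching signature names without scanning anything.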