Both of these have been marked and should ship in an upcoming CVD.

--
Joel Esler | Talos: Manager | jes...@cisco.com

On Apr 2, 2017, at 4:44 PM, Alex <mysqlstud...@gmail.com> wrote:

Hi,
I submitted a number of encrypted word macro viruses within the last
48 hours, two of which still appear to not be tagged properly. Is
there something you can say about the large number of encrypted word
doc viruses we've seen over the last few weeks?

# md5sum pbj5a57gw5-pMlSuWbYRjT1.docx g9kfak164-NZlttUtz.docx
281f596c2a5821ef52b9ed036d51d7c2  pbj5a57gw5-pMlSuWbYRjT1.docx
440f44ac9ca212b8ecf38e48faa9dfac  g9kfak164-NZlttUtz.docx

If you're reading this and would also like a sample of these, let me know.




On Wed, Mar 22, 2017 at 9:50 AM, Joel Esler (jesler) <jes...@cisco.com> wrote:
I just added Doc.Dropper.Agent-6136130-0 to the scan system, it should be 
published today.


--
Joel Esler | Talos: Manager | jes...@cisco.com

On Mar 22, 2017, at 9:43 AM, Alex <mysqlstud...@gmail.com> wrote:

Hi,

How long does it typically take for a sample to be analyzed and a
pattern to be created?

Generally speaking, a couple hours (sometimes 4, sometimes 8, depending on 
automation schedules). Because it was encrypted, it may be a bit more 
difficult, so I'll have to look into it. What is the sha256 hash of the file?

# sha256sum r564t97y168d2.docx
a68e789e8306e697874d155191376124e13e44f144b11a678a37e44036a3668d  r564t97y168d2.docx

I also included the password to decrypt it, "Vo1UPMQBgITg" as was
included with the email when it was received.


I don't even bother reporting them to sophos, et al because it's
sometimes days before they're added. I was expecting better from
clamav...

Interesting, considering Sophos is not a free product.

Yes, sometimes (most times?) it's days.

alex
_______________________________________________
clamav-users mailing list
clamav-users@lists.clamav.net
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml
