cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Glenn_Bolton
Level 12
Report Inappropriate Content
Message 1 of 6
‎02-15-2022 10:37 AM

BlackByte ransomware - ENS / ATP 10.7 coverage

Hoping to ask if McAfee ENS 10.7 Sept. 2021 level  (with ATP) has the necessary protection against the current variant of  BlackByte Ransomware?

The FBI has released an alert based on attacks against critical infrastructure.

Any direct proof of DAT / AMContent coverage is greatly appreciated.

Thank you.

 

 

 

0 Kudos
Reply
5 Replies
Sivakumar1
Employee
Employee
Report Inappropriate Content
Message 2 of 6
‎02-15-2022 03:54 PM

Re: BlackByte ransomware - ENS / ATP 10.7 coverage

Hello @Glenn_Bolton . Thank you for reaching out McAfee ENterprise Community. Please do help with the list of hashes or the IOC released for this BlackByte Ransomware and we will definitely check over the coverage.

Was my reply helpful?
If you find this post useful, Please give it a Kudos! Also, Please don't forget to select "Accept as a solution" if this reply resolves your query!

0 Kudos
Reply
Glenn_Bolton
Level 12
Report Inappropriate Content
Message 3 of 6
‎02-16-2022 06:47 AM

Re: BlackByte ransomware - ENS / ATP 10.7 coverage

Below is a list of MD5 hashes of suspicious files that have been observed on systems affected by BlackByte ransomware:

4d2da36174633565f3dd5ed6dc5033c4
959a7df5c465fcd963a641d87c18a565
cd7034692d8f29f9146deb3641de7986
5f40e1859053b70df9c0753d327f2cee
d63a7756bfdcd2be6c755bf288a92c8b
df7befc8cdc3c5434ef27cc669fb1e4b
eed7357ab8d2fe31ea3dbcf3f9b7ec74
51f2cf541f004d3c1fa8b0f94c89914a
695e343b81a7b0208cbae33e11f7044c
d9e94f076d175ace80f211ea298fa46e
296c51eb03e70808304b5f0e050f4f94
8320d9ec2eab7f5ff49186b2e630a15f
0c7b8da133799dd72d0dbe3ea012031e
cea6be26d81a8ff3db0d9da666cd0f8f
a77899602387665cddb6a0f021184a2b
31f818372fa07d1fd158c91510b6a077
1473c91e9c0588f92928bed0ebf5e0f4
d9e94f076d175ace80f211ea298fa46e
28b791746c97c0c04dcbfe0954e7173b
a9cf6dce244ad9afd8ca92820b9c11b9
52b8ae74406e2f52fd81c8458647acd8
7139415fecd716bec6d38d2004176f5d
1785f4058c78ae3dd030808212ae3b04
c13bf39e2f8bf49c9754de7fb1396a33
b8e24e6436f6bed17757d011780e87b9
5c0a549ae45d9abe54ab662e53c484e2
8dfa48e56fc3a6a2272771e708cdb4d2
ad29212716d0b074d976ad7e33b8f35f
4ce0bdd2d4303bf77611b8b34c7d2883
d4aa276a7fbe8dcd858174eeacbb26ce
c010d1326689b95a3d8106f75003427c
9344afc63753cd5e2ee0ff9aed43dc56
ae6fbc60ba9c0f3a0fef72aeffcd3dc7
e2eb5b57a8765856be897b4f6dadca18
405cb8b1e55bb2a50f2ef3e7c2b28496
58e8043876f2f302fbc98d00c270778b
11e35160fc4efabd0a3bd7a7c6afc91b
d2a15e76a4bfa7eb007a07fc8738edfb
659b77f88288b4874b5abe41ed36380d
e46bfbdf1031ea5a383040d0aa598d45
151c6f04aeff0e00c54929f25328f6f7

0 Kudos
Reply
Sivakumar1
Employee
Employee
Report Inappropriate Content
Message 4 of 6
‎02-16-2022 04:22 PM

Re: BlackByte ransomware - ENS / ATP 10.7 coverage

Hello @Glenn_Bolton . We did analyze the hashes. I have attached the results for your kind perusal in csv format. With some of the hashes, McAfee do not have Samples. I would recommend you to open up a Service Request with the Sample and the relevant IOC article (Threat write-ups, Blogs, Internal hunt details needed to be submitted as a document or URL) and We will work on the detections.

Was my reply helpful?
If you find this post useful, Please give it a Kudos! Also, Please don't forget to select "Accept as a solution" if this reply resolves your query!

0 Kudos
Reply
Daveb3d
MVP
Report Inappropriate Content
Message 5 of 6
‎02-16-2022 07:39 AM

Re: BlackByte ransomware - ENS / ATP 10.7 coverage

Glenn,

Might I also suggest you enable the ransomware ASR rule for the unknowns...  It is pretty painless.

Dave

Reply
Glenn_Bolton
Level 12
Report Inappropriate Content
Message 6 of 6
‎02-17-2022 05:34 AM

Re: BlackByte ransomware - ENS / ATP 10.7 coverage

Thanks Dave. I will look into this.

0 Kudos
Reply
You Deserve an Award
Don't forget, when your helpful posts earn a kudos or get accepted as a solution you can unlock perks and badges. Those aren't the only badges, either. How many can you collect? Click here to learn more.

Community Help Hub

    New to the forums or need help finding your way around the forums? There's a whole hub of community resources to help you.

  • Find Forum FAQs
  • Learn How to Earn Badges
  • Ask for Help
Go to Community Help

Join the Community

    Thousands of customers use our Community for peer-to-peer and expert product support. Enjoy these benefits with a free membership:

  • Get helpful solutions from product experts.
  • Stay connected to product conversations that matter to you.
  • Participate in product groups led by employees.
Join the Community
Join the Community

TrellixSkyhigh Security | Support Trellix.com SkyhighSecurity.com

Legal Privacy Copyright © 2023 Musarubra US LLC