HermeticWiper: New data‑wiping malware hits Ukraine
https://www.welivesecurity.com/2022/02/24/hermeticwiper-new-data-wiping-malware-hits-ukraine/
HermeticWiper | New Destructive Malware Used In Cyber Attacks on Ukraine
https://www.sentinelone.com/labs/hermetic-wiper-ukraine-under-attack/
Hi @Marvin ,
Thank you for reaching out to us on the Community portal.
As of now, we do have coverage for the Hermetic Wiper malware through an ED.
Kindly log a case with us and we shall share the required details with you.
Adding the advisory for reference-
Hi @Marvin,
Our sincere apologies for the bad experience. We would like to assure you the following via this post:
--> The provided hashes are already covered via GTI/Artemis and are currently covered via DAT as well, hence an Extra DAT is no longer needed.
--> This attack is being proactively researched by our Labs Team, hence you will find tens and hundreds of IOCs belonging to this campaign alone being added to our database, with daily signatures gaining detections on them and our GTI database updating itself every minute with newer detections on these indicators.
--> While it is impossible to post every single IOC we have discovered in the wild along with samples, you can always contact us with a Service Request containing a list of IOCs that you suspect may or may not be covered by us, and we will provide you with confirmation of the coverage via the Service Request.
Apologies for any lack of clarity and sincerely looking forward to clarifying any further queries on this. I have personally taken up your Service Request and will ensure that your queries are answered ASAP.
No advisory from McAfee/Trellix.
Last update from John Fokker (Trellix Labs): https://twitter.com/TrellixLabs/status/1496910495411949573
"Given the sensitivity around the case we have to keep it limited to what we shared above. But for more IOCs and threat data make sure to check our dashboard"
Hashes in the Twitter post:
https://www.virustotal.com/gui/file/1bc44eef75779e3ca1eefb8ff5a64807dbc942b1e4a2672d77b9f6928d292591
https://www.virustotal.com/gui/file/a196c6b8ffcb97ffb276d04f354696e2391311db3841ae16c8c9f56f36a38e92
The hashes in the post https://twitter.com/fr0gger_/status/1496968238013759492 (SHA-1 values and VirusTotal links, in the order posted):
0d8cc992f279ec45e8b8dfd05a700ff1f0437f29
https://www.virustotal.com/gui/file/3c557727953a8f6b4788984464fb77741b821991acbf5e746aebdd02615b1767
d9a3596af0463797df4ff25b7999184946e3bfa2
https://www.virustotal.com/gui/file/2c10b2ec0b995b88c27d141d6f7b14d6b8177c52818687e4ff8e6ecf53adf5bf
912342f1c840a42f6b74132f8a7c4ffe7d40fb77
https://www.virustotal.com/gui/file/0385eeab00e946a302b24a91dea4187c1210597b8e17cd9e2230450f5ece21da
61b25d11392172e587d8da3045812a66c3385451
https://www.virustotal.com/gui/file/1bc44eef75779e3ca1eefb8ff5a64807dbc942b1e4a2672d77b9f6928d292591
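As an added example (this is not code from the thread, from Trellix, or from any poster), the script below takes the hash values posted above, parses them out of free text (bare SHA-1 values and the SHA-256 digests embedded in the VirusTotal URLs), and sweeps a directory for files whose SHA-1 or SHA-256 matches one of them. Only the hash values come from the page; the file layout, the constructed test file and the directory being walked are assumptions.

```python
import hashlib
import os
import re
import tempfile
from pathlib import Path

# Hash values exactly as posted in the thread (SHA-1 from the fr0gger_ tweet,
# SHA-256 from the VirusTotal links). The scanner around them is an added example.
IOC_TEXT = """
https://www.virustotal.com/gui/file/1bc44eef75779e3ca1eefb8ff5a64807dbc942b1e4a2672d77b9f6928d292591
https://www.virustotal.com/gui/file/a196c6b8ffcb97ffb276d04f354696e2391311db3841ae16c8c9f56f36a38e92
0d8cc992f279ec45e8b8dfd05a700ff1f0437f29
https://www.virustotal.com/gui/file/3c557727953a8f6b4788984464fb77741b821991acbf5e746aebdd02615b1767
d9a3596af0463797df4ff25b7999184946e3bfa2
https://www.virustotal.com/gui/file/2c10b2ec0b995b88c27d141d6f7b14d6b8177c52818687e4ff8e6ecf53adf5bf
912342f1c840a42f6b74132f8a7c4ffe7d40fb77
https://www.virustotal.com/gui/file/0385eeab00e946a302b24a91dea4187c1210597b8e17cd9e2230450f5ece21da
61b25d11392172e587d8da3045812a66c3385451
"""

# 40 hex chars = SHA-1, 64 hex chars = SHA-256; \b keeps a 64-char digest from
# being cut into a 40-char "SHA-1" and a remainder.
HEX_RE = re.compile(r"\b([0-9a-fA-F]{40}|[0-9a-fA-F]{64})\b")


def parse_iocs(text):
    """Return {'sha1': set, 'sha256': set} from free text (bare hashes or VT URLs)."""
    iocs = {"sha1": set(), "sha256": set()}
    for m in HEX_RE.finditer(text):
        h = m.group(1).lower()
        iocs["sha1" if len(h) == 40 else "sha256"].add(h)
    return iocs


def hash_file(path, chunk=1 << 20):
    """Compute SHA-1 and SHA-256 in a single pass so large files are read once."""
    s1, s256 = hashlib.sha1(), hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            s1.update(block)
            s256.update(block)
    return s1.hexdigest(), s256.hexdigest()


def sweep(root, iocs):
    """Walk root; return a list of (path, algorithm, digest) for files matching an IOC."""
    hits = []
    for dirpath, _, files in os.walk(root):
        for name in files:
            p = os.path.join(dirpath, name)
            try:
                sha1, sha256 = hash_file(p)
            except OSError:
                continue  # locked or unreadable file: skip it rather than abort the sweep
            if sha1 in iocs["sha1"]:
                hits.append((p, "sha1", sha1))
            if sha256 in iocs["sha256"]:
                hits.append((p, "sha256", sha256))
    return hits


def demo():
    """Self-check on a constructed directory (assumption, not a real sample):
    the benign file matches nothing until its own SHA-256 is added to the IOC
    set, which simulates a true positive. Returns (clean_hits, flagged_hits)."""
    iocs = parse_iocs(IOC_TEXT)
    with tempfile.TemporaryDirectory() as d:
        benign = Path(d) / "notes.txt"
        benign.write_bytes(b"constructed benign test file\n")
        clean = sweep(d, iocs)
        _, digest = hash_file(benign)
        iocs["sha256"].add(digest)
        flagged = sweep(d, iocs)
    return len(clean), len(flagged)


if __name__ == "__main__":
    import sys
    root = sys.argv[1] if len(sys.argv) > 1 else "."
    for path, algo, digest in sweep(root, parse_iocs(IOC_TEXT)):
        print(f"MATCH {algo} {digest} {path}")
    print("self-test (clean, flagged):", demo())
```

Run it as `python sweep.py <directory>`. A hash sweep only finds the exact samples whose digests are listed; as the Trellix replies in this thread point out, the posted hashes are not an exhaustive list of the campaign's indicators, so a clean sweep is evidence about these samples only, not a guarantee that the environment is untouched.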
Hi @Marvin,
ED stands for ExtraDAT. Once the ED is provided, you can check it in locally or through ePO and you will have coverage against that.
Is the ED available?
I had read that McAfee security products can already detect HermeticWiper and protect the systems.
Hi @ALondo,
Yes sir, you heard right. However, without a list of IOCs or hashes, we cannot be 100% sure of which samples we cover and which we don't. If you are concerned about the specific samples listed here, we absolutely can ensure that you are protected from them via ENS.
Please do open an SR with us if you have any list of indicators that you wish to verify coverage with us and we will be happy to assist you with the same as well.
Trellix is currently monitoring the latest wiper malware, dubbed "HermeticWiper", that has been observed in attacks against Ukraine. Trellix Global Threat Intelligence (GTI) is currently protecting against all known indicators associated with "HermeticWiper", and MVISION Insights will note detections in your environment as well.
SNS notification:
==============================================================================
Hello,
Trellix is closely monitoring threat activity in Ukraine and signals of cyber-attacks globally. Our Threat Lab researchers are coordinating with government and industry partners to gain visibility into the evolving threat landscape. We are prepared if the cyber conflict extends beyond Ukraine by actors who attempt to take advantage of the world’s attention on this region to perpetrate their own malicious activity. We counsel vigilance in the spirit of #ShieldsUp and advise you to implement the latest measures to bolster your defenses.
Trellix continues to add protections to our products as new malware variants and behavior indicators are discovered. Throughout this crisis, we will provide research and analysis necessary to inform, prepare and address threats to your organization. Resources can be found in our Threat Center and publications analyzing newly discovered threats in our Trellix Labs blogs and @TrellixLabs Twitter handle.
Please contact us if you have any indication that you might be experiencing a cyber event. We stand with you shoulder to shoulder to help you work through this complicated time.
Thank you for your trust.
Trellix
============================================================================