https://live.paloaltonetworks.com/t5/advanced-threat-prevention/re-egregor-ransomware-attack-on-palo-alto/m-p/365290#M981 <P>Dear Team,</P><P>&nbsp;</P><P>PAN OS Version: 8.1.12</P><P><SPAN>PAN MODEL:&nbsp; PA-3020</SPAN></P><P>If Palo Alto have a valid signature of this&nbsp;Egregor Ransomware attack ?&nbsp;</P><P>&nbsp;</P><P>Also please check whether Palo Alto has any FAQ related&nbsp;to Egregor Ransomware.</P><P>&nbsp;</P><P>Signature<BR /><SPAN>Release<SPAN class="pull-right">Post-7.1</SPAN></SPAN><BR />Domain Name<BR />Type</P><TABLE><TBODY><TR><TD><P class="">Name: generic:egregor.top</P><P class="">Unique Threat ID: 385503381</P><P class="">Create Time: 2020-11-16 07:32:05 (UTC)</P></TD><TD><P class="tabbed-header Post-71">Threat ID: n/a</P><P class="tabbed-header Post-71">Current Release: n/a</P><P class="tabbed-header Post-71">First Release: 3535 (2020-11-16 UTC)</P></TD><TD>egregor.top</TD><TD>AntiVirus</TD></TR><TR><TD><P class="">Name: generic: egregor.top</P><P class="">Unique Threat ID: 385503381</P><P class="">Create Time: 2020-11-16 07:32:05 (UTC)</P></TD><TD><P class="tabbed-header Post-71">Threat ID: n/a</P><P class="tabbed-header Post-71">Current Release: n/a</P><P class="tabbed-header Post-71">First Release: n/a</P></TD><TD>egregor.top</TD><TD>Wildfire</TD></TR></TBODY></TABLE><P>&nbsp;</P><P>how to block this ransomware attack? If you have any idea please suggest.&nbsp;</P><P>&nbsp;</P><P>Regards</P><P>Karthikeyan Balamurugan</P> Tue, 24 Nov 2020 16:29:18 GMT karthikeyanB 2020-11-24T16:29:18Z https://live.paloaltonetworks.com/t5/advanced-threat-prevention/re-egregor-ransomware-attack-on-palo-alto/m-p/365290#M981 <P>Dear Team,</P><P>&nbsp;</P><P>PAN OS Version: 8.1.12</P><P><SPAN>PAN MODEL:&nbsp; PA-3020</SPAN></P><P>If Palo Alto have a valid signature of this&nbsp;Egregor Ransomware attack ?&nbsp;</P><P>&nbsp;</P><P>Also please check whether Palo Alto has any FAQ related&nbsp;to Egregor Ransomware.</P><P>&nbsp;</P><P>Signature<BR /><SPAN>Release<SPAN class="pull-right">Post-7.1</SPAN></SPAN><BR />Domain Name<BR />Type</P><TABLE><TBODY><TR><TD><P class="">Name: generic:egregor.top</P><P class="">Unique Threat ID: 385503381</P><P class="">Create Time: 2020-11-16 07:32:05 (UTC)</P></TD><TD><P class="tabbed-header Post-71">Threat ID: n/a</P><P class="tabbed-header Post-71">Current Release: n/a</P><P class="tabbed-header Post-71">First Release: 3535 (2020-11-16 UTC)</P></TD><TD>egregor.top</TD><TD>AntiVirus</TD></TR><TR><TD><P class="">Name: generic: egregor.top</P><P class="">Unique Threat ID: 385503381</P><P class="">Create Time: 2020-11-16 07:32:05 (UTC)</P></TD><TD><P class="tabbed-header Post-71">Threat ID: n/a</P><P class="tabbed-header Post-71">Current Release: n/a</P><P class="tabbed-header Post-71">First Release: n/a</P></TD><TD>egregor.top</TD><TD>Wildfire</TD></TR></TBODY></TABLE><P>&nbsp;</P><P>how to block this ransomware attack? If you have any idea please suggest.&nbsp;</P><P>&nbsp;</P><P>Regards</P><P>Karthikeyan Balamurugan</P> Tue, 24 Nov 2020 16:29:18 GMT https://live.paloaltonetworks.com/t5/advanced-threat-prevention/re-egregor-ransomware-attack-on-palo-alto/m-p/365290#M981 karthikeyanB 2020-11-24T16:29:18Z https://live.paloaltonetworks.com/t5/advanced-threat-prevention/re-egregor-ransomware-attack-on-palo-alto/m-p/365303#M982 <P>Hi&nbsp;<SPAN>Karthikeyan,</SPAN></P> <P>&nbsp;</P> <P><SPAN>PAN has multiple signatures actively blocking Egregor Ransomware. We do not confirm coverage based on Malware names. We typically receive IOC's such as file hashes and confirm we have coverage for said hashes. Malicious files acquire&nbsp;generic virus name which makes it hard to search it if we don't have a hash. Without a specific sample or hash, it would be hard to confirm if there is coverage or not.</SPAN></P> <P>&nbsp;</P> <P><SPAN>If you have access to Autofocus, you may search using Egregor tag and you will find samples related to this ransomeware.</SPAN></P> <P>&nbsp;</P> <P>Here are some hashes that I have found being related to Egregor activities. You can check them on Threatvault.</P> <P>967422de1acc14deb7e7ce803d86aff44e2652bfcd550e3a34c2e37abc883dee<BR />4c9e3ffda0e663217638e6192a093bbc23cd9ebfbdf6d2fc683f331beaee0321<BR />aee131ba1bfc4b6fa1961a7336e43d667086ebd2c7ff81029e14b2bf47d9f3a7<BR />7caed5f406445c788543f55af6d98a8bc4f0c104e6a51e2564dd37b6a485cc18<BR />92d72d4c1aaef1983a05bb65ee540236b98fdab4ca382d15a845ab6d07ea1fb8<BR />004a2dc3ec7b98fa7fe6ae9c23a8b051ec30bcfcd2bc387c440c07ff5180fe9a<BR />28f3f5a3ea270d9b896fe38b9df79a6ca430f5edab0423b3d834cf8d586f13e6<BR />a376fd507afe8a1b5d377d18436e5701702109ac9d3e7026d19b65a7d313b332<BR />3fd510a3b2e0b0802d57cd5b1cac1e61797d50a08b87d9b5243becd9e2f7073f<BR />c1c4e677b36a2ee6ae858546e727e73cc38c95c9024c724f939178b3c03de906<BR />9c900078cc6061fb7ba038ee5c065a45112665f214361d433fc3906bf288e0eb<BR />2d01c32d51e4bbb986255e402da4624a61b8ae960532fbb7bb0d3b0080cb9946</P> <P>&nbsp;</P> <P>KR,</P> <P>Mohamed</P> Tue, 24 Nov 2020 17:05:52 GMT https://live.paloaltonetworks.com/t5/advanced-threat-prevention/re-egregor-ransomware-attack-on-palo-alto/m-p/365303#M982 mmouhib 2020-11-24T17:05:52Z