This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences

Havex Malware

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements

Havex Malware

Tuomo
L1 Bithead

‎06-24-2014 03:47 AM

Hi all,

Do you have any information about PAN detection capability for the Havex malware family: http://www.f-secure.com/weblog/archives/00002718.html

Threat vault seems to produce no hits at the moment.

Tuomo

26 REPLIES 26

ITInfraNL
L0 Member

‎06-27-2014 01:51 AM

I would like more information on this too.

Nick

pulukas
L7 Applicator

‎06-27-2014 05:10 PM

This is not showing up yet in the threat vault as an existing update for PA.

https://threatvault.paloaltonetworks.com/

You can open a ticket with support to get a more specific update.

Steve Puluka BSEET - IP Architect - DQE Communications (Metro Ethernet/ISP)
ACE PanOS 6; ACE PanOS 7; ASE 3.0; PSE 7.0 Foundations & Associate in Platform; Cyber Security; Data Center
0 Likes Likes

PANUser-1234
L1 Bithead

‎07-01-2014 10:36 PM

Did you got some more information about havex/oldrea malware coverage in the threat signatures unitl now?

Andy

0 Likes Likes

LCMember2327
L1 Bithead
In response to PANUser-1234

‎07-02-2014 12:25 AM

Any update from PA?

0 Likes Likes

pulukas
L7 Applicator
In response to Dulle

‎07-02-2014 04:17 AM

If this is a critical vulnerability to you, I would open a ticket. This will get the signature escalated internally.

You can't expect an official update from PA here.  These are just user to user support forums.  We are lucky that many PA employees spend a great deal of time here.  But official support is still via tickets to the support portal.

Steve Puluka BSEET - IP Architect - DQE Communications (Metro Ethernet/ISP)
ACE PanOS 6; ACE PanOS 7; ASE 3.0; PSE 7.0 Foundations & Associate in Platform; Cyber Security; Data Center
0 Likes Likes

Dulle
L2 Linker
In response to pulukas

‎07-02-2014 04:35 AM

But we have.....

0 Likes Likes

ericgearhart
L4 Transporter

‎07-02-2014 04:46 AM

Looks like Havex made it into the ThreatVault:

https://threatvault.paloaltonetworks.com/Home/VirusDetail/2889719

0 Likes Likes

ericgearhart
L4 Transporter
In response to ericgearhart

‎07-02-2014 04:47 AM

Interestingly enough if you click on the hash links, PA's own WildFire flags it as benign! Hmph. :smileyplain:

pulukas
L7 Applicator
In response to ericgearhart

‎07-02-2014 04:51 AM

I guess that is just a one way conversation, wildfire pushes signatures to threats but not back the other way.

They did just add this because I checked before posting this morning earlier and it wasn't there yet.

Steve Puluka BSEET - IP Architect - DQE Communications (Metro Ethernet/ISP)
ACE PanOS 6; ACE PanOS 7; ASE 3.0; PSE 7.0 Foundations & Associate in Platform; Cyber Security; Data Center

pivvre
L2 Linker
In response to ericgearhart

‎07-02-2014 04:54 AM

We uploaded a sample of havex to Wildfire ca June 20th - problem is they don't check it on Acrobat reader 10.x....
PAN also need to update their Virtual machines...

hyadavalli
L5 Sessionator

‎07-02-2014 08:05 AM

Hello All,

We have coverage for Havex malware.

Please upgrade to latest Anti virus version released today.

Regards,

Hari Yadavalli

ericgearhart
L4 Transporter
In response to hyadavalli

‎07-02-2014 08:25 AM

Does WildFire flag a sample as malicious yet :smileylaugh:

0 Likes Likes

hyadavalli
L5 Sessionator
In response to ericgearhart

‎07-02-2014 08:49 AM

Based on the SHA provided in initial comment I see wildfire reported as malicious

  • 11315 Views
  • 26 replies
  • 1 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!

LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2024 - Palo Alto Networks