RE: Egregor Ransomware attack on Palo Alto

L3 Networker

Dear Team,


PAN OS Version: 8.1.12

PAN MODEL:  PA-3020

Does Palo Alto have a valid signature for this Egregor Ransomware attack?


Also please check whether Palo Alto has any FAQ related to Egregor Ransomware.


Threat Vault search results (columns: Signature | Release (Post-7.1) | Domain Name | Type):

Record 1 (Domain Name: egregor.top, Type: AntiVirus)
Name: generic:egregor.top
Unique Threat ID: 385503381
Create Time: 2020-11-16 07:32:05 (UTC)
Threat ID: n/a
Current Release: n/a
First Release: 3535 (2020-11-16 UTC)

Record 2 (Domain Name: egregor.top, Type: WildFire)
Name: generic:egregor.top
Unique Threat ID: 385503381
Create Time: 2020-11-16 07:32:05 (UTC)
Threat ID: n/a
Current Release: n/a
First Release: n/a


How can we block this ransomware attack? If you have any idea, please suggest.


Regards

Karthikeyan Balamurugan

L0 Member

Hi Karthikeyan,


PAN has multiple signatures actively blocking Egregor Ransomware. We do not confirm coverage based on malware names. We typically receive IOCs such as file hashes and confirm we have coverage for said hashes. Malicious files acquire a generic virus name, which makes them hard to search for if we don't have a hash. Without a specific sample or hash, it would be hard to confirm whether there is coverage or not.


If you have access to AutoFocus, you may search using the Egregor tag and you will find samples related to this ransomware.


Here are some hashes that I have found being related to Egregor activities. You can check them on Threatvault.
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 

KR,

Mohamed
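The two points of this thread, the flattened Threat Vault records pasted in the question and the reply's advice that coverage is confirmed by hash or domain rather than by malware name, can be put together in a small script. The following is an added example written for this page, not code from the thread, from Palo Alto Networks or from Threat Vault. It parses the "Key: value" records exactly as they appear above (embedded as a constructed sample), pulls the fused "domainType" trailer apart, and then runs a list of IoCs through a local coverage check: domains are matched against the parsed records, hashes are flagged as needing a Threat Vault hash search (nothing is queried; no API is called), and a bare name such as "Egregor" is flagged as unusable. The category names Anti-Spyware and Vulnerability in the regex are assumed PAN-OS categories added only so the parser tolerates other result types; only AntiVirus and WildFire occur in the thread.

```python
import re
from dataclasses import dataclass

# Constructed sample input: the two Threat Vault records pasted in the question,
# as they read once the result table is flattened into text.
THREAT_VAULT_TEXT = """
Name: generic:egregor.top
Unique Threat ID: 385503381
Create Time: 2020-11-16 07:32:05 (UTC)
Threat ID: n/a
Current Release: n/a
First Release: 3535 (2020-11-16 UTC)
egregor.topAntiVirus

Name: generic: egregor.top
Unique Threat ID: 385503381
Create Time: 2020-11-16 07:32:05 (UTC)
Threat ID: n/a
Current Release: n/a
First Release: n/a
egregor.topWildfire
"""

# Splits the fused "domainType" row. AntiVirus and WildFire occur in the thread;
# Anti-Spyware and Vulnerability are assumed PAN-OS categories added for robustness.
TYPE_RE = re.compile(r"^(?P<domain>.+?)(?P<type>AntiVirus|WildFire|Anti-Spyware|Vulnerability)$", re.I)
CANONICAL = {"antivirus": "AntiVirus", "wildfire": "WildFire",
             "anti-spyware": "Anti-Spyware", "vulnerability": "Vulnerability"}


@dataclass
class Signature:
    name: str
    unique_threat_id: str
    sig_type: str
    domain: str
    first_release: str


def parse_threat_vault(text):
    """Parse flattened Threat Vault 'Key: value' records into Signature objects."""
    records = []
    for chunk in re.split(r"\n\s*\n", text.strip()):
        fields, domain, sig_type = {}, "", ""
        for line in (l.strip() for l in chunk.splitlines() if l.strip()):
            if ":" in line:  # keyed row; split on the first colon only (timestamps have more)
                key, _, value = line.partition(":")
                fields[key.strip()] = value.strip()
            elif TYPE_RE.match(line):  # trailing row where columns fused: "egregor.topAntiVirus"
                m = TYPE_RE.match(line)
                domain, sig_type = m.group("domain").lower(), CANONICAL[m.group("type").lower()]
        if "Name" in fields:
            records.append(Signature(
                name=re.sub(r"\s+", "", fields["Name"]),  # "generic: egregor.top" == "generic:egregor.top"
                unique_threat_id=fields.get("Unique Threat ID", ""),
                sig_type=sig_type, domain=domain,
                first_release=fields.get("First Release", "n/a")))
    return records


HASH_PATTERNS = {"md5": re.compile(r"^[0-9a-f]{32}$", re.I),
                 "sha1": re.compile(r"^[0-9a-f]{40}$", re.I),
                 "sha256": re.compile(r"^[0-9a-f]{64}$", re.I)}
DOMAIN_RE = re.compile(r"^(?=.{1,253}$)(?:[a-z0-9-]+\.)+[a-z]{2,}$", re.I)


def classify_ioc(value):
    """Distinguish a file hash (by length) from a domain from free text such as 'Egregor'."""
    v = value.strip()
    for kind, pat in HASH_PATTERNS.items():
        if pat.match(v):
            return kind
    return "domain" if DOMAIN_RE.match(v) else "unknown"


def check_coverage(iocs, signatures):
    """Map each IoC to the signatures that cover it, or to the lookup still needed.

    Domains are matched locally against the parsed records. A hash cannot be
    confirmed from this data; as the reply says, it needs a hash search in
    Threat Vault, so it is flagged rather than guessed. A bare malware name is
    flagged as unusable for a coverage check.
    """
    by_domain = {}
    for s in signatures:
        by_domain.setdefault(s.domain, []).append(s)
    report = {}
    for ioc in iocs:
        kind = classify_ioc(ioc)
        hits = [(s.sig_type, s.name, s.first_release)
                for s in by_domain.get(ioc.strip().lower(), [])] if kind == "domain" else []
        if hits:
            note = "covered"
        elif kind == "domain":
            note = "search Threat Vault by domain"
        elif kind in HASH_PATTERNS:
            note = "search Threat Vault by %s hash" % kind
        else:
            note = "not a hash or domain; name-only search is unreliable"
        report[ioc] = {"kind": kind, "covered_by": hits, "note": note}
    return report


if __name__ == "__main__":
    sigs = parse_threat_vault(THREAT_VAULT_TEXT)
    # Constructed IoC list: the domain from the thread, the MD5 of an empty file
    # standing in for a sample hash, and a bare malware name.
    for ioc, entry in check_coverage(
            ["egregor.top", "d41d8cd98f00b204e9800998ecf8427e", "Egregor"], sigs).items():
        print(ioc, entry)
```

Run it as-is to see the three outcomes side by side: the domain resolves to both the AntiVirus and the WildFire record (with the AntiVirus one carrying content release 3535), the hash is handed back as "search Threat Vault by md5 hash", and the name alone produces no coverage claim at all, which is exactly the distinction the reply draws.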
