Endpoint Protection

  • 1.  North Korean Trojan: TYPEFRAME

    Posted Jun 15, 2018 12:17 AM

    Dear Team,

    Does Symantec have protection against the malware variant known as TYPEFRAME?

    Malware Analysis Report (MAR)



  • 2.  RE: North Korean Trojan: TYPEFRAME

    Posted Jun 15, 2018 05:02 AM

    Hi SKP,

    Thanks for the post.  Looks like you are asking about this recent US-CERT advisory:

    Malware Analysis Report (AR18-165A)
    MAR-10135536-12 – North Korean Trojan: TYPEFRAME

    https://www.us-cert.gov/ncas/analysis-reports/AR18-165A

    Hidden Cobra is an APT group that Security Response has monitored for quite some time.  Defenses are constantly updated whenever there is new activity/new samples that are submitted to us.  Known samples from this recent alert are detected as Trojan.Gen.MBT and Heur.AdvML.C, but be aware that APT groups very often develop new malware and approaches for their new campaigns.  Ensure that all SEP components are in place, the environment is hardened and that end users are educated.  Monitor your logs and network for unusual activity, and respond swiftly to anything suspicious!

    Symantec Endpoint Protection – Best Practices
    http://www.symantec.com/theme.jsp?themeid=stopping_malware&depthpath=0

    Support Perspective: W97M.Downloader Battle Plan
    https://www-secure.symantec.com/connect/articles/support-perspective-w97mdownloader-battle-plan

     

    What NOT to Click
    https://www.symantec.com/connect/articles/what-not-click

     

    What NOT to Click 2: The Legend of Curly's Gold
    https://www.symantec.com/connect/articles/what-not-click-2-legend-curlys-gold 

    Please do update this thread with any additional questions or mark it solved if you have received your answer.



  • 3.  RE: North Korean Trojan: TYPEFRAME

    Posted Jun 18, 2018 10:36 AM

    Hi SKP,

    Just a ping to see if there are any further related questions?



  • 4.  RE: North Korean Trojan: TYPEFRAME

    Posted Jun 23, 2018 11:16 AM

    Hi Mick, 

     

    Just a question,

    I am currently working at a government facility as IT support; the system/server is connecting to the intranet.

    So basically we received an email regarding North Korean Trojan: TYPEFRAME and the email highlighted 7 IP addresses and 11 SHA-256 hashes.

    The 7 IP addresses are quite straightforward, as we know that we don't use the IP addresses.

    Is there any way to scan the 11 SHA-256 details using SEPM?

    Apologies if you don't really know my question.

     

    Thank you 



  • 5.  RE: North Korean Trojan: TYPEFRAME

    Posted Jun 25, 2018 04:57 AM

    Hi Aydrian,

    Virustotal.com is the first place to check.  Enter the hash and see if it indicates that Symantec detects that file. If there is no detection name from Symantec, then this may be what you are looking for....

    Does Symantec Detect This: An Illustrated Guide to Public Hash Submission
    https://www-secure.symantec.com/connect/articles/does-symantec-detect-illustrated-guide-public-hash-submission

    Note that it will only work with files that are publicly available and is only intended for checking a small number of hashes, not a large bulk. 
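
The VirusTotal check described in this reply, as an added example that is not part of the original post and is not Symantec tooling: it reads the Symantec entry from a VirusTotal API v3 file report for each hash and sorts the hashes into detected, not detected, or unknown to VirusTotal. The `VT_API_KEY` environment variable name and the sample hashes and reports are constructed assumptions, not values from the advisory.

```python
import json
import os
import urllib.error
import urllib.request

VT_FILE_URL = "https://www.virustotal.com/api/v3/files/{}"  # VirusTotal API v3 file report

def fetch_report(file_hash, api_key):
    """Fetch one file report; None means VirusTotal has never seen this hash."""
    req = urllib.request.Request(VT_FILE_URL.format(file_hash), headers={"x-apikey": api_key})
    try:
        with urllib.request.urlopen(req, timeout=30) as resp:
            return json.load(resp)
    except urllib.error.HTTPError as err:
        if err.code != 404:
            raise
        return None

def symantec_verdict(report, engine="Symantec"):
    """Return (status, detection_name) for one engine in a VT file report."""
    if report is None:
        return ("unknown_to_vt", None)
    attrs = report.get("data", {}).get("attributes", {})
    entry = attrs.get("last_analysis_results", {}).get(engine)
    category = entry.get("category") if entry else None
    if category in ("malicious", "suspicious") and entry.get("result"):
        return ("detected", entry["result"])
    if category in ("undetected", "harmless"):
        return ("not_detected", None)   # candidate for the hash submission guide
    return ("no_result", None)          # engine absent, timeout or unsupported type

def triage(hashes, lookup):
    """Map each normalised hash to its verdict; lookup is a callable hash -> report."""
    verdicts = {}
    for raw in hashes:
        h = raw.strip().lower()
        if h:
            verdicts[h] = symantec_verdict(lookup(h))
    return verdicts

# Constructed placeholder hashes and reports in the VT v3 shape, for offline runs.
SAMPLE_REPORTS = {h: {"data": {"attributes": {"last_analysis_results": {
    "Symantec": {"category": c, "result": r}}}}}
    for h, c, r in [("a" * 64, "malicious", "Trojan.Gen.MBT"), ("b" * 64, "undetected", None)]}

if __name__ == "__main__":
    key = os.environ.get("VT_API_KEY")  # assumed variable name; unset means use samples
    lookup = (lambda h: fetch_report(h, key)) if key else SAMPLE_REPORTS.get
    print(json.dumps(triage(["a" * 64, "b" * 64, "c" * 64], lookup), indent=2))
```

Hashes that come back `not_detected` are the ones to take to the hash submission guide linked above; `unknown_to_vt` means the file is not publicly available, which that guide does not cover.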

     

     



  • 6.  RE: North Korean Trojan: TYPEFRAME

    Posted Oct 03, 2018 10:44 AM

    Hi Team,

     

    Any latest update on MAR-10201537 – HIDDEN COBRA FASTCash-Related Malware, and does Symantec have protection against this malware?



  • 7.  RE: North Korean Trojan: TYPEFRAME

    Posted Oct 03, 2018 10:57 AM

    Yes, multiple detections by SEP:

    5cfa1c2cb430bec721063e3e2d144feb    Trojan.Gen.2
    5c0a4f9e67ced69eaea17092444b2c1a    Heur.AdvML.B
    4f67f3e4a7509af1b2b1c6180a03b3e4    Trojan.Gen.2
    d0a8e0b685c2ea775a74389973fc92ca    Heur.AdvML.C

    The full update is here:

    https://www.us-cert.gov/ncas/analysis-reports/AR18-275A