[Discussion] (Milestone) BDTS successfully blocked magniber for the first time after a double-click run
Thread starter: huangzihang
Posted 2022-6-6 14:44:16
Replying to pal家族 (posted 2022-6-6 11:24): "Then go find one that isn't in the signature database yet and test the proactive defense."

ATD can't stop it at the moment. The log shows a whole string of "malicious command line detected" entries, but the encryption still goes ahead regardless.
企稳向好
Posted 2022-6-6 14:47:00
Last edited by 企稳向好 on 2022-6-6 14:59
Replying to a8855942 (posted 2022-6-6 10:18): "The enterprise version should be tested."

This is how the enterprise version currently stands against the new mb variant:
HD machine learning has no matching model;
ATD can't stop the encryption;
the msi doesn't seem to trigger sandbox analysis (and even if it did, it wouldn't help: on a manual upload, the BD enterprise sandbox analysis can't get any behavior out of it). Earlier, SA reported this:
The sample avoids analysis by checking whether it is run in a virtual environment or monitored with debuggers or other monitoring tools. Moreover, the sample performs various changes on the system so it can remain hidden. Such changes include hiding files or file extensions, modifying security, notifications or system settings, deleting the original file, changing file attributes or other actions. The sample writes additional files on the system, which may be used in various ways, including ensuring persistence. The new files can be executables that continue the sample's actions or storage/configuration files that hold viable information for the sample.

and then gave the verdict:
No threat detected

Conclusion: it can't stop it.

Next time there's a new sample, @ me and I'll manually throw a batch of them at SA to see what comes out.
mogu6666
Posted 2022-6-6 15:55:40
A virus I reported to Bitdefender two weeks ago has finally been handled (it may also have been slow because I used a wetransfer share and the file was large).
Three emails came in. The first was an auto-reply, at that point on 2022/5/21:
Thank you for contacting Bitdefender Customer Care.

This is an automated reply to confirm that we have received your request, and that we are working on resolving your issue(s) as promptly as possible. Your assigned ticket number is 1007440566 . We advise that you keep this reference number in a safe place for further tracking/follow-up.

Regards,

Bitdefender Customer Care Team
Then, just when I thought it had sunk without a trace, a second one arrived on 2022/6/4:
Hello,

First of all, please accept my apologies for our late reply, it was by no means intended. We are working around the clock to improve our response time and I am sure that in the future you will notice a significant improvement.

We have sent the files to our Malware Research Lab for analysis purposes and we will contact you with more information once this process has been successfully completed.

Have a great day!

Best regards,
Mihnea G.
Technical Support Engineer
On 2022/6/5 the third one, finally handled:
Hello,

Thank you for your patience and I hope my e-mail finds you well.

Our malware research team has finished analyzing the sample you submitted.
The file is malicious and detection will be added in the next couple of updates.

Feel free to get back to me anytime if you have other cyber-security questions.

Stay safe and have a great day!

Best regards,
Mihnea G.
Technical Support Engineer
At least that's better than ESET; clearly the vendor does take submissions seriously.
Tom179090
Posted 2022-6-6 18:16:06
Last edited by Tom179090 on 2022-6-6 18:17

Can this be read as them planning to write a manual signature? Even if it is "during the next couple of weeks".
BD expert community:
anti-malware team is working for a detection which should be activated during the next couple of weeks. Thanks again for sharing this in our community.

cheers,

Mike
欧阳宣
Posted 2022-6-7 04:41:04
When will we see fewer of these threads that judge a product on a single sample,

where it's either crowned a god or hunted like a rat in the street?