直接通过给newvirus邮箱写信上报病毒样本。需要关键词

显示全部楼层 · 发表于 2023-3-4 20:31:36

Hello,

The detection will be included in the next update.
4e690e0b0414241b20b67af44ae57e35d0a79f59e96ee7e3b629339f7d9d540b.bat - Trojan.PowerShell.Agent.aao
EMP.dll - Trojan.Win64.Agent.qwidzm
New.bat - Trojan.BAT.Obfus.g

Thank you for your help.

Best regards, Pavel Sinenko, Malware Analyst
39A/3 Leningradskoe Shosse, Moscow, 125212, Russia Tel./Fax: + 7 (495) 797 8700 http://www.kaspersky.com https://securelist.com
https://opentip.kaspersky.com/ - get insights about suspicious files, hashes, URLs, IP addresses or domain names

__________________________________________

From: 72428164？你猜@qq.com
Received: 2/17/2023 5:00:37 PM (UTC)
Sent: 2/17/2023 4:59:20 PM (UTC)
To: newvirus@kaspersky.com
Subject: Kaspersky false positive and false negative

Kaspersky false positive and false negative：
These files are malicious, pls re-check them.

所谓关键词就是通过false positive触发误报分析，而且误报分析师100%有回复的
而你只需要在误报分析里说明你其实是需要分析一个没有检测的样件即可。
简单说下是个啥玩意，添加附件即可。
附件需要加密 infected 或 virus

（白加黑或者一些疑难杂症你可能需要说的详细一点。。。）

opentip现在好像需要谷歌的reCHPTCHA，不推荐。。。。也可以用关键词的

显示全部楼层 · 发表于 2023-3-4 20:34:11

Hello,

New malicious software was found in the attached files. Its detection will be included in the next update.
HEUR:Rootkit.Win32.MalDrv.gen
Thank you for your help.

Best regards, Maxim, Malware analyst, Kaspersky Lab
39A/3 Leningradskoe Shosse, Moscow, 125212, Russia Tel./Fax: + 7 (495) 797 8700 http://www.kaspersky.com https://securelist.com
https://opentip.kaspersky.com/ - get insights about suspicious files, hashes, URLs, IP addresses or domain names

__________________________________________

From: xxxxxxxxx@qq.com
Received: 2/28/2023 3:33:49 AM (UTC)
Sent: 2/28/2023 3:33:40 AM (UTC)
To: newvirus@kaspersky.com
Subject: Kaspersky false positive and false negative [KL-1815201]

Kaspersky false positive and false negative：
These files are malicious, pls re-check them.
Sha-256:
3e6a14230ddc3ccf2dddc4acabe8c10ac45c12335eedace694fb670936d58082
4ae4a3b2d4b5731c87df5b82aba830d0f8ac60b0766813c9f0d4698a0c16c79e
61b3d7fcd83c3fcbd910e9cd285ffdc20d2ad536e53070edc3a8860ead04c1ad
222f58881bf80d41c672bcce73e3ada1670902d5e89a4d12daa6869aa71f89d2
37bd60f572a7613cd56972da3391579d039b38d3ad3945aef28cf0d004003614
5652303c28a5481be0824b994097a994e13ed8c273567bf12dbcf7c2fb1a9451
74205673dd6d053afe7c845bc600ed29e57e5fa840d5aa10b2ae84bb4af03342
80756171d740cbc4f316b014b305cd2873763b25e438028b6caaa366e0720ae4
bebba608fd3dee6d0142631c3fb7399511fc65618aac2228db2efe83c39d4859

我最开始就是这么发的

显示全部楼层 · 发表于 2023-3-4 20:36:49

117054487 发表于 2023-3-4 20:34
Hello,

New malicious software was found in the attached files. Its detection will be included in ...

是的这么搞最有效

显示全部楼层 · 发表于 2023-3-5 08:19:32

直接通过Lab渠道提交比找CNTS快多了

CNTS还得升级给Virus Lab

[交流探讨] 直接通过给newvirus邮箱写信上报病毒样本。需要关键词

评分