[Discussion] Reporting virus samples directly by writing to the newvirus mailbox. A keyword is needed

pal家族
Posted on 2023-3-4 20:31:36
Hello,

The detection will be included in the next update.
4e690e0b0414241b20b67af44ae57e35d0a79f59e96ee7e3b629339f7d9d540b.bat - Trojan.PowerShell.Agent.aao
EMP.dll - Trojan.Win64.Agent.qwidzm
New.bat - Trojan.BAT.Obfus.g

Thank you for your help.

Best regards, Pavel Sinenko, Malware Analyst
39A/3 Leningradskoe Shosse, Moscow, 125212, Russia Tel./Fax: + 7 (495) 797 8700 http://www.kaspersky.com https://securelist.com
https://opentip.kaspersky.com/ - get insights about suspicious files, hashes, URLs, IP addresses or domain names

__________________________________________

From: 72428164?你猜@qq.com
Received: 2/17/2023 5:00:37 PM (UTC)
Sent: 2/17/2023 4:59:20 PM (UTC)
To: newvirus@kaspersky.com
Subject: Kaspersky false positive and false negative

Kaspersky false positive and false negative:
These files are malicious, pls re-check them.



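The so-called keyword means using "false positive" to trigger a false-positive analysis, and the false-positive analysts reply 100% of the time.
You only need to explain in the false-positive report that you actually need an undetected sample analyzed.
Briefly say what the thing is and add the attachment.
The attachment needs to be encrypted with the password infected or virus.

(For "white-plus-black" cases or other tricky problems you may need to go into a bit more detail...)

opentip now seems to require Google's reCAPTCHA, so I don't recommend it... The keyword can be used there too.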

Ratings

Participants: 2, Popularity +4
dongwenqi +3: The board is better with you here :)
KevinYu0504 +1: Makes it sound like a secret passphrase

117054487
Posted on 2023-3-4 20:34:11
Hello,

New malicious software was found in the attached files. Its detection will be included in the next update.
HEUR:Rootkit.Win32.MalDrv.gen
Thank you for your help.

Best regards, Maxim, Malware analyst, Kaspersky Lab
39A/3 Leningradskoe Shosse, Moscow, 125212, Russia Tel./Fax: + 7 (495) 797 8700 http://www.kaspersky.com https://securelist.com
https://opentip.kaspersky.com/ - get insights about suspicious files, hashes, URLs, IP addresses or domain names

__________________________________________

From: xxxxxxxxx@qq.com
Received: 2/28/2023 3:33:49 AM (UTC)
Sent: 2/28/2023 3:33:40 AM (UTC)
To: newvirus@kaspersky.com
Subject: Kaspersky false positive and false negative [KL-1815201]

Kaspersky false positive and false negative:
These files are malicious, pls re-check them.
Sha-256:

This is how I sent it from the very beginning.
pal家族
Original poster | Posted on 2023-3-4 20:36:49
117054487 posted on 2023-3-4 20:34
Hello,

New malicious software was found in the attached files. Its detection will be included in  ...

Yes, doing it this way is the most effective.
張瘦豬先生
Posted on 2023-3-5 08:19:32
Submitting directly through the Lab channel is much faster than going through CNTS.
CNTS still has to escalate it to the Virus Lab.
Copyright © KaFan  KaFan.cn All Rights Reserved.