SEP coverage for the Phishing Campaign Delivering Wiper Malware

Article ID: 380443


Products

Endpoint Protection

Issue/Introduction

Researchers recently observed a campaign in which threat actors targeted Israeli organizations by impersonating a certain antivirus vendor and sending phishing emails that warn of state-backed threats.

Environment

Windows 

Mac

Cause

The emails include a link to a fake program that downloads malware called Wiper, which is designed to erase data.

Resolution

Symantec protects you from this threat, identified by the following:



Carbon Black-based

Associated malicious indicators are blocked and detected by existing policies within VMware Carbon Black products. At a minimum, the recommended policy is to block all types of malware (Known, Suspect, and PUP) from executing and to delay execution for cloud scan, to get the maximum benefit from the VMware Carbon Black Cloud reputation service.

File-based

Trojan.Gen.MBT
Trojan.Gen.NPE
WS.Malware.1

Machine Learning-based

Heur.AdvML.A!300
Heur.AdvML.B
Heur.AdvML.B!100