In addition to SaneSecurity, here is another third-party repo of sigs (updated often) that catches these docs:
https://github.com/wmetcalf/clam-punch/blob/master/miscreantpunch099.ldb <https://github.com/wmetcalf/clam-punch/blob/master/miscreantpunch099.ldb> Please feel free to reach out with any questions or concerns! Jack > On Dec 8, 2016, at 9:53 AM, Matteo Dessalvi <m.dessa...@gsi.de> wrote: > > Hi all. > > In the last couple of days our Human Resources > have received a bunch of email with this kind of > ransomware attached (as Excel file) and ClamAV > was unfortunately unable to stop it. > > Anybody stumbled upon it recently? If yes, did > you create your own signature for it? > > I have just submitted a report through: > https://www.clamav.net/reports/malware > > More details here: > > https://www.heise.de/newsticker/meldung/Goldeneye-Ransomware-Die-Bedrohung-erkennen-Mitarbeiter-warnen-Infektion-verhindern-3564252.html > > (sorry, it is only in German but I guess Google > Translate should work pretty well on it). > > I also ran a quick analysis on Malwr: > https://malwr.com/analysis/Y2VhYWNjZTk3NWFhNGRhMDg5OWYwY2E5MzdjNDA2M2I/ > > Best regards, > Matteo > > _______________________________________________ > clamav-users mailing list > clamav-users@lists.clamav.net > http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users > > > Help us build a comprehensive ClamAV guide: > https://github.com/vrtadmin/clamav-faq > > http://www.clamav.net/contact.html#ml
signature.asc
Description: Message signed with OpenPGP using GPGMail
_______________________________________________ clamav-users mailing list clamav-users@lists.clamav.net http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users Help us build a comprehensive ClamAV guide: https://github.com/vrtadmin/clamav-faq http://www.clamav.net/contact.html#ml