You can search the Microsoft Malware encyclopedia at 
http://www.microsoft.com/security/portal/threat/Threats.aspx

J

From: [email protected] [mailto:[email protected]] On 
Behalf Of Nash Pherson
Sent: Thursday, February 19, 2015 11:09 AM
To: [email protected]
Subject: [mssms] RE: Equation Group malware and System Center Endpoint 
Protection?

"Equation" is the name Kaspersky gives this huge 'family'.  You'll want to 
contact your Microsoft account rep to get specifics of what they call it.



From: [email protected] [mailto:[email protected]] On Behalf Of Krueger, Jeff
Sent: Thursday, February 19, 2015 8:32 AM
To: [email protected]; [email protected]
Subject: [mssms] Equation Group malware and System Center Endpoint Protection?

Cross posting this to both the FEP and SMS lists.

The whitepaper published by Kaspersky about the Equation Group of malware has 
management concerned about our protection status with Endpoint Protection.
I've searched the Threat Catalog table in ConfigMgr and do not see the 
detection names that Kaspersky has given.  Also, if MS does cover these, would 
they show up in the threat catalog with the same names?

Link for the whitepaper "Equation group: questions and answers" 
PDF<https://securelist.com/files/2015/02/Equation_group_questions_and_answers.pdf>

List of detection names from Kaspersky:
Backdoor.Win32.Laserv
Backdoor.Win32.Laserv.b
Exploit.Java.CVE-2012-1723.ad
HEUR:Exploit.Java.CVE-2012-1723.gen
HEUR:Exploit.Java.Generic
HEUR:Trojan.Java.Generic
HEUR:Trojan.Win32.DoubleFantasy.gen
HEUR:Trojan.Win32.EquationDrug.gen
HEUR:Trojan.Win32.Generic
HEUR:Trojan.Win32.GrayFish.gen
HEUR:Trojan.Win32.TripleFantasy.gen
Rootkit.Boot.Grayfish.a
Trojan-Downloader.Win32.Agent.bjqt
Trojan.Boot.Grayfish.a
Trojan.Win32.Agent.ajkoe
Trojan.Win32.Agent.iedc
Trojan.Win32.Agent2.jmk
Trojan.Win32.Diple.fzbb
Trojan.Win32.DoubleFantasy.a
Trojan.Win32.DoubleFantasy.gen
Trojan.Win32.EquationDrug.b
Trojan.Win32.EquationDrug.c
Trojan.Win32.EquationDrug.d
Trojan.Win32.EquationDrug.e
Trojan.Win32.EquationDrug.f
Trojan.Win32.EquationDrug.g
Trojan.Win32.EquationDrug.h
Trojan.Win32.EquationDrug.i
Trojan.Win32.EquationDrug.j
Trojan.Win32.EquationDrug.k
Trojan.Win32.EquationLaser.a
Trojan.Win32.EquationLaser.c
Trojan.Win32.EquationLaser.d
Trojan.Win32.Genome.agegx
Trojan.Win32.Genome.akyzh
Trojan.Win32.Genome.ammqt
Trojan.Win32.Genome.dyvi
Trojan.Win32.Genome.ihcl
Trojan.Win32.Patched.kc
Trojan.Win64.EquationDrug.a
Trojan.Win64.EquationDrug.b
Trojan.Win64.Rozena.rpcs
Worm.Win32.AutoRun.wzs


