Xcitium/Comodo detected a new ransomware no other vendor found



Only 8 detections on VirusTotal

2 Likes

A possible pandora’s box.

Very good, now what I think is that it takes a long time for CIS to update its database after Valkyrie detects it.
Why this delay? I’ve been realizing this for a while now.

for the cloud it takes 1-5 minutes to be added to the database but for signatures it can take longer

1 Like

VirusScope detected the ransomware with Static Analysis.
The verdict is Highly Suspicious and there are 2 malicious indicators

2 Likes

Now I understand, due to the delay, I think it must take more than 24 hours to be placed in the subscription, because I believe that the CIS generates a new subscription every 24 hours, because there was a time when my av was updated more than 19 hours later .

1 Like

Comodo protects you even without a signature. That’s how Containment default-deny perfect zero-day protection works. See on VT all the other vendors are allowing that malware to run because they don’t have a signature for it whereas Comodo/Xcitium is protecting you while all the others aren’t for that how ever many of hours or days.

I find the Xcitium Threatmap https://threatmap.xcitium.com/ a interesting tool but end of the day each AV engine and it’s vendor have their own threat labs to analyze malware so VT isn’t always thego to in checking who has signature for what as that relies on static av scanning rather than full features of those security products.

Even Comodo Firewall without the AV element still protect you from this using the same containment technology. Comodo protected you from Magniber ransomeware before anyone else did. You can run another AV along side CF but I don’t see the point.

Here we are 21 hours later and even with fresh analysis still only 8 vendors detect it.


Virus total page: VT Verdict

3 Likes

Hello, Seeing in detail the creation of this virus was on the following dates.

History
Creation Time
2015-02-15 08:00:31 UTC

First Submission
2016-10-04 14:10:30 UTC

Last Submission
2016-10-04 14:10:30 UTC

Last Analysis
2024-05-22 20:41:44 UTC

It should have been detected a long time ago, strange to only detect it now.

Could someone tell me the link so I can download these files and test them here on my virtual machine?

In valkyrie it says it’s clean.

No! This has now been packaged into a clean looking new unsigned file.

looks like SecureAge is a good thing to use, as long as you pay for it.

But Static Analysis and Signatures detected it.VirusScope detected the file with Static Analysis
AI is getting more powerfull now days

Signatures can detect 99% of the time but the 1% can slipp in and infect the machine.
That is why Xcitium has changed and fixed the problem with Containment.

1 Like