Palo Alto Networks Knowledgebase: How to Find Virus Details if Not Available in the Threat Vault

Created On 09/26/18 13:44 PM - Last Updated 09/26/18 14:00 PM
Categories:  Threat Intelligence,  Threat Prevention

Issue

Threat details can be found in the Palo Alto Networks Threat Vault at https://threatvault.paloaltonetworks.com/. In some cases, however, information about a virus detected by the Palo Alto Networks firewall is not available in the Threat Vault. For example, the firewall detected the virus "JS/Trojan.blacoleref.w" (threat ID 253849):

> show threat id 253849

This signature detected JS/Trojan.blacoleref.w

medium

virus

A search in the Threat Vault does not return information on "JS/Trojan.blacoleref.w" (threat ID 253849).

Resolution

Follow the steps below to find the details of the virus:

  1. Open a case with Palo Alto Networks Support and request the MD5 information for the detected virus. The following is an example of the MD5 value for "JS/Trojan.blacoleref.w":
    MD5: 2695576276bca0c699c865599436efeb
  2. Visit the VirusTotal site: https://www.virustotal.com/en
  3. Click "search".
  4. Enter the MD5 value and click "Search it!"
  5. The results list the name under which each antivirus engine detects the file.
  6. For this example, the search results will show that Microsoft detected this as Trojan:JS/BlacoleRef.CM.
    You can find the virus details on the Microsoft site:
    http://www.microsoft.com/security/portal/threat/encyclopedia/Entry.aspx?Name=Trojan%3AJS%2FBlacoleRef.CM
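
The same lookup can be scripted against the VirusTotal API v3 instead of the web form. The following is an added example, not part of the original article or Palo Alto Networks code. It assumes you have a VirusTotal API key; the sample response is constructed (ExampleAV and OtherAV are hypothetical engines), and only the Microsoft name is taken from step 6.

```python
import json
import re
import urllib.request

VT_FILE_URL = "https://www.virustotal.com/api/v3/files/{}"  # VirusTotal API v3 file report

def normalize_md5(value):
    """Return the lowercase MD5, or raise ValueError if it is not 32 hex digits."""
    md5 = value.strip().lower()
    if md5.startswith("md5:"):          # accept the "MD5: ..." form as shown in step 1
        md5 = md5[4:].strip()
    if not re.fullmatch(r"[0-9a-f]{32}", md5):
        raise ValueError("not an MD5 hash: %r" % value)
    return md5

def fetch_report(md5, api_key):
    """Fetch the file report (needs network access and a VirusTotal API key).
    urlopen raises HTTPError (404) when VirusTotal has no record of the hash."""
    req = urllib.request.Request(VT_FILE_URL.format(normalize_md5(md5)),
                                 headers={"x-apikey": api_key})
    with urllib.request.urlopen(req, timeout=30) as resp:
        return json.load(resp)

def detection_names(report):
    """Map engine name -> detection name for engines that flagged the file."""
    results = report["data"]["attributes"].get("last_analysis_results", {})
    return {engine: r["result"] for engine, r in sorted(results.items())
            if r.get("category") in ("malicious", "suspicious") and r.get("result")}

# Constructed sample response, trimmed to the fields used above.
SAMPLE_REPORT = {"data": {"attributes": {"last_analysis_results": {
    "Microsoft": {"category": "malicious", "result": "Trojan:JS/BlacoleRef.CM"},
    "ExampleAV": {"category": "malicious", "result": "JS.Example.Gen"},  # hypothetical
    "OtherAV": {"category": "undetected", "result": None},               # hypothetical
}}}}

if __name__ == "__main__":
    md5 = normalize_md5("MD5: 2695576276bca0c699c865599436efeb")
    # Offline demo: swap SAMPLE_REPORT for fetch_report(md5, api_key) to query live.
    for engine, name in detection_names(SAMPLE_REPORT).items():
        print(md5, engine, name)
```

The vendor name returned for an engine (here Microsoft) is the term to search for in that vendor's threat encyclopedia.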

owner: kkondo
