Ghosts in the Endpoint

[omidomi]

We would like to introduce the first of our “Ghosts in the Endpoint” series, a report prepared by FireEye Labs that documents malicious software not being detected in the wild by traditional signature-based detections.

In this study, all the families identified are samples from VirusTotal (VT) with zero detections, but detected as malicious by our Multi-Vector Virtual Execution (MVX) Engine. We also added a few samples with very low detection rates (VT <=3) but with interesting bypass techniques.

Our goal is to share indicators that help the AV community and others improve their detection coverage.

Read more: https://www.fireeye.com/blog/threat-research/2016/04/ghosts_in_the_endpoi.html

btw: good thing are that i find 6 samples of them