
Scan for specific MD5 or SHA hashes?

We have a request to scan our PCs for files with specific MD5/SHA hashes. Is there a way that I can add these to Sophos?

This relates to the Anthem/DeepPanda attack; we are not associated with Anthem but would like to take measures to protect ourselves.

Thanks.

| File Name | MD5 Hash | SHA-1 |
|---|---|---|
| dump32.exe | 59c311a7299ed0b71ed0035f8f526ad6 | 5a719d33b6b45ed85d23b44258b5a251927c7b1a |
| dump32.exe | be271eada42756568776532d156840c7 | d1d616f26eaee0a448148ffacf6ed45321beb21b |
| dump64.exe | No Hash Value provided | No Hash Value provided |
| lsremora32.dll | 5d9a6ca3f731e8ad8d596803b2db0a9c | 41cb5389cf06d056f99979bcbca7417652e1ac91 |
| lsremora32.dll | 68e0a5360677781567772ecd779e0d15 | 0522b9b68a8aa245d06cba292b2ced92153f3ed4 |


This thread was automatically locked due to age.
  • Hi QC, thanks for the reply.

    We want to scan for the hashes because, as you know, the filename can change. We actually wanted to use Sophos to detect and quarantine/delete these files using the on-access scanner or at least the full scanner. I am not sure how this information came about, but apparently these files were used in the recent Anthem attack.

    I will look for a tool to manually do a once-off scan just to make sure we do not currently have these files on any of our PCs.

    Thanks.
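
A one-off sweep of the kind described in the thread, as an added example that is not part of the original posts and not a Sophos feature: it hashes each file's content in a single pass and compares against the MD5 and SHA-1 values from the table in the question, so a renamed file still matches. The function names, the `root` argument and the command-line usage are assumptions of this example.

```python
import hashlib
import os
import sys

# Indicators copied from the table in the original post (dump64.exe had no hash).
IOC_MD5 = {
    "59c311a7299ed0b71ed0035f8f526ad6", "be271eada42756568776532d156840c7",
    "5d9a6ca3f731e8ad8d596803b2db0a9c", "68e0a5360677781567772ecd779e0d15",
}
IOC_SHA1 = {
    "5a719d33b6b45ed85d23b44258b5a251927c7b1a", "d1d616f26eaee0a448148ffacf6ed45321beb21b",
    "41cb5389cf06d056f99979bcbca7417652e1ac91", "0522b9b68a8aa245d06cba292b2ced92153f3ed4",
}

def hash_file(path, chunk_size=1 << 20):
    """Return (md5_hex, sha1_hex), reading the file once in fixed-size chunks."""
    md5, sha1 = hashlib.md5(), hashlib.sha1()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            md5.update(chunk)
            sha1.update(chunk)
    return md5.hexdigest(), sha1.hexdigest()

def scan(root, ioc_md5=IOC_MD5, ioc_sha1=IOC_SHA1):
    """Walk root and return (matches, unreadable).

    matches: (path, md5, sha1) for every file whose content matches an indicator.
    unreadable: paths that could not be listed or opened; these were NOT checked.
    """
    matches, unreadable = [], []
    on_error = lambda err: unreadable.append(err.filename)
    for dirpath, _dirs, files in os.walk(root, onerror=on_error):
        for name in files:
            path = os.path.join(dirpath, name)
            if os.path.islink(path) or not os.path.isfile(path):
                continue  # skip symlinks and special files
            try:
                md5_hex, sha1_hex = hash_file(path)
            except OSError:  # locked by another process, permission denied, ...
                unreadable.append(path)
                continue
            if md5_hex in ioc_md5 or sha1_hex in ioc_sha1:
                matches.append((path, md5_hex, sha1_hex))
    return matches, unreadable

if __name__ == "__main__":
    hits, skipped = scan(sys.argv[1] if len(sys.argv) > 1 else ".")
    for path, md5_hex, sha1_hex in hits:
        print(f"MATCH {path} md5={md5_hex} sha1={sha1_hex}")
    print(f"{len(hits)} match(es); {len(skipped)} path(s) unreadable and not checked")
```

A clean result only covers files that could be read, so the unreadable count needs reviewing before a machine is treated as clear.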
