Has sophos released any signatures/updates to detect Epic Manchego malware

Hi everyone, I have been reading the article https://www.ncsc.gov.uk/report/weekly-threat-report-11th-september-2020 about how Epic Manchego malware has shut down Newcastle University. Has Sophos Central endpoint got an update for this that will detect this malware?

  • Hi

    I would suggest you please submit a file sample to our labs team for analysis. You may follow this KB for instructions on submission: Submitting samples of suspicious files to Sophos

    Shweta

    Community Support Engineer | Sophos Technical Support


  • Hi, this was just a general question: is Sophos able to detect this anomaly?

  • Hello lara20,

    Epic Manchego is the name assigned by NVISO Labs to an (assumed) group of malware writers ("gang", "threat actors", whatever) that use a certain methodology to hide malicious code in Excel spreadsheets. The (mis)conception that something with a catchy name is a "this malware" or "this anomaly" against which there is no defence, just because it was involved in a successful attack, is widespread. And similarly that AV vendors have to rush to release updates that result in a detection of the same name.

    Please note that according to the NVISO blog, "[w]hile the approach to create malicious documents is unique, the methodologies for payload delivery as well as actual payloads are not, and should be stopped or detected by modern technologies." Furthermore, from the same source: "The actor is likely experimenting and evolving its methodology."

    Conclusion (just my personal opinion): a) while detection of this methodology is desirable, it shouldn't really matter, as this is just a link in the delivery chain for a variety of payloads; b) even if today's answer is yes, it might no longer be true tomorrow.

    Christian