
Has Sophos released any signatures/updates to detect Epic Manchego malware?

Hi everyone, I have been reading the article https://www.ncsc.gov.uk/report/weekly-threat-report-11th-september-2020 about how Epic Manchego malware has shut down Newcastle University. Has Sophos Central Endpoint got an update for this that will detect this malware?



  • Hi, this was just a general question if Sophos is able to detect this anomaly.

  • Hello lara20,

    Epic Manchego is the name assigned by NVISO Labs to an (assumed) group of malware writers ("gang", "threat actors", whatever) that use a certain methodology to hide malicious code in Excel spreadsheets. The (mis)conception that something with a catchy name is a "this malware" or "this anomaly" against which there is no defence just because it was involved in a successful attack is widespread. And similarly that AV vendors have to rush to release updates that result in a detection of the same name.

    Please note that according to the NVISO blog, "[w]hile the approach to create malicious documents is unique, the methodologies for payload delivery as well as actual payloads are not, and should be stopped or detected by modern technologies." Furthermore, from the same source: "The actor is likely experimenting and evolving its methodology."

    Conclusion (just my personal opinion): a) while detection of this methodology is desirable it shouldn't really matter as this is just a link in the delivery chain for a variety of payloads; b) even if today's answer is yes it might no longer be true tomorrow. 

    Christian