https://community.sophos.com/intercept-x-endpoint/f/discussions/128723/rebe1l-malware-was-not-detected-by-sophos---customer-saidPlease is there any intelligence report on Rebe1l malware that we can read on. I have a customer who has noted that Sophos Server Protection did not detect Rebe1l on a server the malware had been before Server Protection was installed.en-USTelligent Community 12https://community.sophos.com/thread/472439?ContentTypeID=1Mon, 05 Jul 2021 11:31:03 GMT4be5eb7d-caa4-4ff5-8e60-8f9463545a35:76b87dd7-6ac6-4613-80eb-aa513740f811Sophos User930<p>Given the info here for that hash:<br /><br /><a href="https://www.virustotal.com/gui/file/e2647be3a4726e65d7e37d2085644b292761102e2b07729887d1954f7f021b06/detection">VirusTotal</a></p> <div>2021-03-17 11:13:21<span>&nbsp;</span>UTC - 3 months ago</div> <p>Re-evaluating it now: &quot;2021-07-05 11:25:55<span>&nbsp;</span>UTC -&nbsp;1 minute ago&quot;</p> <p>It still only has 3 vendors, Crowdstrike naming has it down as &quot;<span>Win/malicious_confidence_60% (W)&quot;</span></p> <p><span>Where are they getting the info that the sample is malicious? The site quoted?</span></p><div style="clear:both;"></div>https://community.sophos.com/thread/472438?ContentTypeID=1Mon, 05 Jul 2021 10:47:53 GMT4be5eb7d-caa4-4ff5-8e60-8f9463545a35:20363688-c077-4042-b24f-0624adb7ca75James Olorunosebi<p>Hello GlenSen,</p> <p></p> <p>Customer is unable to find the file anymore, but says he has the hash. Would this information suffice? It is publicly accessible as well on this link:</p> <p><a href="https://threatinfo.net/files/rebe1l.exe-d841ab02340b04b05a6e665ce7f78975">threatinfo.net/.../rebe1l.exe-d841ab02340b04b05a6e665ce7f78975</a></p><div style="clear:both;"></div>https://community.sophos.com/thread/472387?ContentTypeID=1Mon, 05 Jul 2021 00:27:07 GMT4be5eb7d-caa4-4ff5-8e60-8f9463545a35:7c928c72-2db3-45f9-b734-207c1e32b712GlennSen<p>Hi There,</p> <p>Thank you for reaching us,&nbsp;can you confirm if the customer uses the recommended settings from Sophos which being described <a href="https://support.sophos.com/support/s/article/KB-000038565?language=en_US">here</a>.</p> <p>Also, do you still have the sample for the said malware? Can you submit the said sample through our sample submission portal in order for our labs&#39; team to check and validate the said sample? You may follow this <a href="https://support.sophos.com/support/s/article/KB-000033301?language=en_US">KB article</a> on how to submit a sample.</p><div style="clear:both;"></div>