Hash Value not detected by Palo Alto Engine
Hi Team,
I just want to know why the below-mentioned hash values are not detected by our Palo Alto engine as a malicious file type.
But at the same time, on VirusTotal we are able to see that some of the engines have detected them as malicious.
Please review the below-mentioned hash values and share your thoughts on this with me.
MD5 HASH Details:
b66be2f7c046205b01453951c161e6cc
46b318bbb72ee68c9d9183d78e79fb5a
b3efec620885e6cf5b60f72e66d908a9
d790997dd950bb39229dc5bd3c2047ff
58bb2236e5aee39760d3e4fc6ee94a79
VirusTotal Results:
Result of 1st Hash Value --> VirusTotal
Result of 2nd Hash Value --> VirusTotal
Result of 3rd Hash Value --> VirusTotal
Result of 4th Hash Value --> VirusTotal
Result of 5th Hash Value --> VirusTotal
Please review the given information and let us know why the Palo Alto Networks engine has not detected this file type and is unable to give a verdict in ThreatVault.
Best Regards,
Sahul Hameed


There could be several reasons that the hash is not included in ThreatVault: the files may not have been 'seen' by any WildFire-enabled devices, hence no verdict is available.
They could have been rolled up into a different/generic signature that covers the trojans but is not listed as the hash, since the hash is only used (by WildFire) to identify a specific file, but the same trojan may be injected into many different files.
For a conclusive answer to your question, I would recommend reaching out to Palo TAC, as they can check their backend servers to see if this file is identified differently, or is missing.
Hope this helps.
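
The two cases named in the reply above (a file never submitted, and a file covered by a generic signature rather than its own hash) can be seen side by side in the following added example, which is not part of the thread and is not Palo Alto Networks code. It is a simplified model: the verdict store, the signature name and all sample bytes are constructed for illustration.

```python
import hashlib

# Constructed, benign sample data: one marker string embedded in two
# different carrier files, plus an unrelated file.
PAYLOAD = b"EXAMPLE-PAYLOAD-MARKER-1234"
FILE_A = b"carrier one header " + PAYLOAD + b" trailer"
FILE_B = b"a completely different carrier " + PAYLOAD
FILE_C = b"unrelated clean document"


def md5_hex(data: bytes) -> str:
    return hashlib.md5(data).hexdigest()


# Hypothetical per-file verdict store: only FILE_A was ever submitted,
# so only its exact hash has a verdict.
HASH_VERDICTS = {md5_hex(FILE_A): "malicious"}

# Hypothetical generic content signatures: name -> byte pattern.
GENERIC_SIGNATURES = {"Example.Generic.Trojan": PAYLOAD}


def lookup_by_hash(digest: str) -> str:
    """Hash-only lookup: identifies exactly one file, nothing else."""
    return HASH_VERDICTS.get(digest, "no verdict")


def scan_content(data: bytes):
    """Content scan: matches every file that carries a known pattern."""
    for name, pattern in GENERIC_SIGNATURES.items():
        if pattern in data:
            return name
    return None


def triage(data: bytes) -> dict:
    digest = md5_hex(data)
    return {
        "md5": digest,
        "hash_lookup": lookup_by_hash(digest),
        "signature": scan_content(data),
    }


if __name__ == "__main__":
    for label, blob in (("A", FILE_A), ("B", FILE_B), ("C", FILE_C)):
        print(label, triage(blob))
```

FILE_B has no hash verdict even though the content scan flags it, which is why a "no verdict" result for a hash does not by itself mean the file would pass inspection.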