Antivirus Content Updates

Question 1

What is included in the Antivirus packages?

Answer 1

1. antivirus signatures
2. Spyware DNS C2 Signatures
3. Spyware Autogen C2 Signatures
4. IP Malicious IP feed
5. IP Suspicious IP feed
6. IP Bulletproof IP feed
7. IP Tor exit IP feed

includes new and old

Question 2

What is the difference between Spyware DNS C2 Signatures and Spyware Autogen C2 Signatures?

Answer 2

DNS C2 Signatures rely on the analysis of DNS queries, Autogen C2 Signatures analyze the payload of the communication, allowing them to detect C2 traffic even when the domain or IP address of the C2 server is not previously known

Question 3

What are Spyware DNS C2 Signatures designed to do?

Answer 3

detect outbound C2 communication by monitoring DNS requests

Question 4

When do Spyware DNS C2 Signatures kick in?

Answer 4

when compromised hosts attempt to resolve domain names associated with known malicious command-and-control servers

Question 5

Based on what do Spyware Autogen C2 Signatures detect malware?

Answer 5

based on payload

Question 6

What is the main capability of Spyware Autogen C2 Signatures?

Answer 6

detect C2 communications with C2 hosts that are unknown or change rapidly

Question 7

What are Spyware Autogen C2 Signatures particularly effective in?

Answer 7

identifying malware that employs dynamic domain generation algorithms (DGAs) or uses previously unknown C2 domains for communication

Question 8

How are Spyware Autogen C2 Signatures generated?

Answer 8

automatically

Question 9

What are the 3 main categories that Antivirus package contain?

Answer 9

1. virus signatures
2. DNS anti-spyware signatures
3. integrated EDL IP addresses

EDL - bulletproof, high risk, known malicious, tor exit nodes

Question 10

What is the naming convention for antivirus packages?

Answer 10

panup-all-antivirus-xxxx-yyyy