Does Avast detect Hawkeye generic malware in PUP-mode?

21 engines now detect this: https://www.virustotal.com/gui/file/843edc7bc28351c5404d3e03b1a989a26b07b0644874a063952460a6f7ae6a42/detection
See: https://urlhaus.abuse.ch/url/336708/
Site has been blacklisted: https://sitecheck.sucuri.net/results/robotrade.com.vn
See: https://www.shodan.io/host/103.74.123.3/raw
Google Safe Browse checks have been performed on each of the linked sites.
Links with poor reputation could be a threat to users of the site.
Hosting and location are also included in the results.

| Externally Linked Host | Hosting Provider | Country |
|---|---|---|
| derchris.net | Cloudflare. | United-States |
| www.cloudflare.com | Cloudflare. | United-States |

Hosting: https://www.shodan.io/host/103.74.123.3 503 insecure!
Service Unavailable 503 error
The server is temporarily busy, try again later!

polonus (volunteer 3rd party cold recon website security analyst and website error-hunter)

Hard to say, given no detection by Avast or AVG in the VT Results. But they only use the on-demand scanner, so other on-access scanners might.

I wonder if there is some way to send the MD5/SHA-, etc. to Avast and see if they can pull it from VT or see if they have a match on the MD5/SHA-, etc.

In due course all non-detected samples should be sent to those AVs not detecting malware.

A good place to ask Damien is on Slack.

Good advice, bob3160. Well, I also sent it down via the Suspicious Site Reporter extension.
Guess that the Avast team follows URLHaus reports and GreyNoise reports as well.
They told me so.

Then AV is like Reader’s Digest, they have to make a selection of what to flag ;D

Apart from that everyone has his own responsibility as well,
and it is a great thing you and DavidR share that responsibility.
We are always out in the trenches, in whatever position,
that we contribute in the fight against malware and malcreants.

Best regards and keep healthy during these days of the corona-virus pandemic 🙂

Damian a.k.a. polonus

Hi guys, Avast detects it now.

https://www.virustotal.com/gui/file/843edc7bc28351c5404d3e03b1a989a26b07b0644874a063952460a6f7ae6a42/detection