As malware naming schemes vary depending on who is first to report it, how it's referred to in the media, and how some companies use specific naming conventions, it can be confusing to understand how Defender for Endpoint detects specific malware families.
Microsoft names malware according to the Computer Antivirus Research Organization (CARO) scheme, which has the form Type:Platform/Family.Variant!Suffix. For example, Microsoft detects the Sunburst backdoor from the SolarWinds compromise as Trojan:MSIL/Solorigate.BR!dha: a Trojan, on the MSIL (.NET) platform, in the Solorigate family, variant BR, with the suffix dha. Knowing how the name is built lets you match a vendor-specific label such as "Sunburst" to the family Microsoft actually reports on.
To see this in practice, search for the "Sunburst cyberattack hash". One of the websites returned in the search results should list the hash. In this example, the SHA-256 hash is a25cadd48d70f6ea0c4a241d99c5241269e6faccb4054e62d16784640f8e53bc. Then look up this hash in VirusTotal.
In the results, the Microsoft row of the detections list shows this malware as Trojan:MSIL/Solorigate.BR!dha. When you look up that name on the Microsoft Defender Security Intelligence website, you find information specific to the threat, including technical details and mitigation steps.
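The lookup above is manual. As an added example (not code from the original page or from Microsoft), the following Python splits a CARO-style Microsoft detection name into its components, so that names from different vendors or variants can be compared by family, and builds the VirusTotal and Security Intelligence lookup URLs from a validated SHA-256 and detection name. The URL formats and the sample name "Trojan:Win32/Example" are assumptions made for illustration; the Solorigate name and hash are the ones quoted in the text.

```python
"""Parse Microsoft (CARO-style) detection names and build lookup URLs.

Added example, not part of the original page. The URL formats below are
assumed from the public VirusTotal and Microsoft Security Intelligence sites.
"""
import re
from dataclasses import dataclass
from typing import Optional
from urllib.parse import quote

# Microsoft's scheme: Type:Platform/Family.Variant!Suffix
# Variant and suffix are optional; the suffix may chain several tags after '!'.
_NAME_RE = re.compile(
    r"^(?P<type>[A-Za-z]+):"
    r"(?P<platform>[A-Za-z0-9_]+)/"
    r"(?P<family>[A-Za-z0-9_]+)"
    r"(?:\.(?P<variant>[A-Za-z0-9_]+))?"
    r"(?:!(?P<suffix>[A-Za-z0-9_!.]+))?$"
)
_SHA256_RE = re.compile(r"^[0-9a-fA-F]{64}$")


@dataclass(frozen=True)
class DetectionName:
    type: str
    platform: str
    family: str
    variant: Optional[str]
    suffix: Optional[str]


def parse_detection_name(name: str) -> DetectionName:
    """Split a Microsoft detection name into its CARO components.

    Raises ValueError for strings that do not follow the Type:Platform/Family form,
    e.g. a vendor label such as "Sunburst" or an empty VirusTotal cell.
    """
    m = _NAME_RE.match(name.strip())
    if not m:
        raise ValueError(f"not a CARO-style Microsoft detection name: {name!r}")
    return DetectionName(**m.groupdict())


def same_family(a: str, b: str) -> bool:
    """True when two detection names share a Family, ignoring type, variant and suffix."""
    return parse_detection_name(a).family.lower() == parse_detection_name(b).family.lower()


def is_sha256(value: str) -> bool:
    """A SHA-256 is exactly 64 hexadecimal characters; anything else is not a usable pivot."""
    return bool(_SHA256_RE.match(value.strip()))


def virustotal_file_url(sha256: str) -> str:
    """Build the VirusTotal file page URL for a SHA-256 (assumed URL format)."""
    h = sha256.strip().lower()
    if not is_sha256(h):
        raise ValueError("expected a 64-hex-character SHA-256")
    return f"https://www.virustotal.com/gui/file/{h}"


def security_intelligence_url(name: str) -> str:
    """Build the Microsoft Security Intelligence encyclopedia URL (assumed URL format)."""
    parse_detection_name(name)  # validate before building the URL
    return (
        "https://www.microsoft.com/en-us/wdsi/threats/malware-encyclopedia-description?Name="
        + quote(name, safe=":/!.")
    )


if __name__ == "__main__":
    # Values quoted in the text above: the Sunburst SHA-256 and Microsoft's detection name.
    sunburst_sha256 = "a25cadd48d70f6ea0c4a241d99c5241269e6faccb4054e62d16784640f8e53bc"
    ms_name = "Trojan:MSIL/Solorigate.BR!dha"
    print(parse_detection_name(ms_name))
    print(virustotal_file_url(sunburst_sha256))
    print(security_intelligence_url(ms_name))
```

Pivoting on the Family component rather than the full string is what lets you recognise that two detections with different types or variants belong to the same campaign; the strict SHA-256 check guards against pasting a truncated or MD5 hash into the lookup.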