Following MITRE’s footsteps in analyzing malware behavior

The MITRE framework helps all defenders speak the same language regarding attackers’ modus operandi. VirusTotal provides multiple data points where MITRE’s Tactics and Techniques are dynamically extracted from samples when detonated in our sandboxes.
In particular, samples’ MITRE mapping can be found under the BEHAVIOR tab of a file’s report. This data is searchable in VirusTotal Intelligence (VTI) with the help of a set of specific file search modifiers.
In this article, we’ll illustrate how security analysts can leverage MITRE for malware detection and behavior-based hunting for ransomware and keylogger samples.

Hunting for Ransomware

The security industry historically identified a set of commonly used techniques in Ransomware campaigns, including inhibiting the system recovery and discovering local files and network shares for later data encryption, usually combined with exfiltration and/or Command and Control techniques.

Common TTPs of modern ransomware groups by Kaspersky

[…]
Content was cut in order to protect the source.Please visit the source for the rest of the article.

This article has been indexed from VirusTotal Blog

Read the original article: