Please note that this blogpost is part of our #VTMondays series, check out our collection of past publications here.
VT Intelligence can be a powerful tool for monitoring malware trends, enhancing your detection capabilities and enabling proactive defense against evolving threats. To leverage it effectively, analysts can refine searches with threat indicators relevant to their business, technologies and to the malware trends occurring at the moment. Analysts can use this intelligence to identify and hunt emerging malicious samples and investigate new trends and capabilities.
To begin with a simple query we will search for new files (“entity:files”) first seen during the last week (“fs:7d+”) and detected by AV vendors as keylogger (“engines:keylogger”) with more than 5 positives (“p:5+”).
In our second query we search for fresh (“fs:7d+”) Windows, Linux or MacOS files (“type:peexe or type:elf or type:macho”). To focus on popular/emerging malware, we will use the submissions modifier with a relatively high number (“submissions:10+”), these thresholds serve as illustrative examples and can be adjusted according to the investigation.
Finally, we will look for Zip files (“type:zip”) that potentially contain ransomware. For discriminating using verdict of AV engines we use the “engines” keyword (“engines:ransom or engines:ransomware”) and use both “ransom” and “ransomware” strings as some engines use different cri
[…]
Content was cut in order to protect the source.Please visit the source for the rest of the article.
[…]
Content was cut in order to protect the source.Please visit the source for the rest of the article.
This article has been indexed from VirusTotal Blog
Read the original article: