Please note that this blog post is part of our #VTMondays series; check out our collection of past publications here.
VT Intelligence can be a powerful tool for monitoring malware trends, enhancing your detection capabilities and enabling proactive defense against evolving threats.
To leverage it effectively, analysts can refine searches with threat indicators relevant to their business and technologies, and to the malware trends of the moment.
Analysts can use this intelligence to identify and hunt emerging malicious samples and investigate new trends and capabilities.
To begin with a simple query, we will search for new files first seen during the last week and detected by AV vendors as a keylogger, with more than 5 positives.
In our second query we search for fresh Windows, Linux or macOS files.
To focus on popular or emerging malware, we add the submissions modifier with a relatively high value. These thresholds are illustrative examples and can be adjusted to suit the investigation.
Finally, we will look for ZIP files that potentially contain ransomware.
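The four searches above, written out as VT Intelligence file-search queries, together with a small helper that runs them through the vt-py client and summarises the hits into trend counters. This is an added example, not VirusTotal's own code and not the queries from the original post (which are not reproduced on this page): the query strings are my reading of the descriptions above, the thresholds (7 days, 5 positives, 50 submissions) are the illustrative values the text mentions, and the modifier spellings (`fs:`, `engines:`, `p:`, `type:`, `submissions:`) are assumed to match the file-search documentation. The sample hits at the bottom are constructed so the summary runs offline; a real run needs a VT Intelligence API key in `VT_API_KEY`.

```python
"""Added example (not VirusTotal's own code): the four VT Intelligence
searches described in the post, written out in file-search modifier syntax,
plus helpers to run them with the vt-py client and to summarise what comes
back. Thresholds are illustrative, as the post notes."""
from collections import Counter
from typing import Iterable, Iterator

# File-search modifiers used below (assumed spellings; see the VT docs):
#   fs:7d+          first submission within the last 7 days
#   engines:X       some engine's detection name contains X
#   p:5+            5 or more positives (also written positives:5+)
#   type:peexe/elf/macho   Windows PE / Linux ELF / macOS Mach-O
#   submissions:N+  submitted at least N times (popularity proxy)
#   type:zip        ZIP archive
QUERIES = {
    "keyloggers_last_week": "fs:7d+ engines:keylogger p:5+",
    "fresh_native_executables": "fs:1d+ (type:peexe or type:elf or type:macho)",
    "popular_fresh_executables": "fs:1d+ (type:peexe or type:elf or type:macho) submissions:50+",
    "zips_flagged_ransomware": "fs:7d+ type:zip engines:ransom p:5+",
}


def search(api_key: str, query: str, limit: int = 100) -> Iterator[dict]:
    """Run one query via the vt-py client (needs a VT Intelligence key).

    Yields each file object's attributes dict with the SHA-256 added, so the
    helpers below work on live results as well as on the constructed sample.
    The import is lazy so the rest of the module is usable offline."""
    import vt  # third-party client: pip install vt-py

    with vt.Client(api_key) as client:
        for obj in client.iterator("/intelligence/search",
                                   params={"query": query}, limit=limit):
            attrs = dict(obj.to_dict()["attributes"])
            attrs["sha256"] = obj.id
            yield attrs


def engines_matching(attrs: dict, needle: str) -> int:
    """Number of engines whose detection name contains `needle` (case-insensitive).

    `engines:keylogger` matches as soon as ONE engine uses the word, so count
    how many agree before treating a hit as a confirmed keylogger."""
    needle = needle.lower()
    results = attrs.get("last_analysis_results") or {}
    return sum(1 for r in results.values()
               if r.get("result") and needle in r["result"].lower())


def summarise(files: Iterable[dict], needle: str, min_agree: int = 2) -> dict:
    """Turn a batch of hits into trend counters: file types, VT's suggested
    threat label, the top samples by detections, and which hashes have at
    least `min_agree` engines agreeing on `needle`."""
    by_type, by_label, malicious, confirmed = Counter(), Counter(), {}, []
    for attrs in files:
        by_type[attrs.get("type_description", "unknown")] += 1
        ptc = attrs.get("popular_threat_classification") or {}
        by_label[ptc.get("suggested_threat_label", "unlabelled")] += 1
        stats = attrs.get("last_analysis_stats") or {}
        malicious[attrs["sha256"]] = stats.get("malicious", 0)
        if engines_matching(attrs, needle) >= min_agree:
            confirmed.append(attrs["sha256"])
    return {
        "by_type": by_type,
        "by_label": by_label,
        "top_detected": sorted(malicious.items(), key=lambda kv: -kv[1])[:3],
        "confirmed": confirmed,
    }


# Constructed sample hits (fake hashes, fake engine names), shaped like the
# `attributes` of a VT file object so the summary runs without an API key.
SAMPLE_HITS = [
    {"sha256": "a" * 64, "type_description": "Win32 EXE",
     "last_analysis_stats": {"malicious": 41, "undetected": 29},
     "last_analysis_results": {
         "EngineA": {"category": "malicious", "result": "Trojan.Keylogger.Gen"},
         "EngineB": {"category": "malicious", "result": "Spyware.KeyLogger"},
         "EngineC": {"category": "undetected", "result": None}},
     "popular_threat_classification": {"suggested_threat_label": "trojan.keylogger/generic"}},
    {"sha256": "b" * 64, "type_description": "Win32 EXE",
     "last_analysis_stats": {"malicious": 7, "undetected": 63},
     "last_analysis_results": {
         "EngineA": {"category": "malicious", "result": "Trojan.Keylogger.Gen"},
         "EngineB": {"category": "malicious", "result": "Trojan.Generic"}},
     "popular_threat_classification": {"suggested_threat_label": "trojan.generic"}},
    {"sha256": "c" * 64, "type_description": "ELF",
     "last_analysis_stats": {"malicious": 12, "undetected": 58},
     "last_analysis_results": {
         "EngineA": {"category": "malicious", "result": "Linux.Keylogger"},
         "EngineD": {"category": "malicious", "result": "Linux.Agent.Keylog"}},
     "popular_threat_classification": {"suggested_threat_label": "trojan.linux/keylogger"}},
]

if __name__ == "__main__":
    import os
    key = os.environ.get("VT_API_KEY")
    hits = list(search(key, QUERIES["keyloggers_last_week"])) if key else SAMPLE_HITS
    for name, value in summarise(hits, "keylog").items():
        print(name, value)
```

The `min_agree` check is the point worth keeping: a single engine calling something "Keylogger" is enough for `engines:keylogger` to match, so the local count of agreeing engines is what separates a trend from one vendor's naming quirk. Swap the needle to `ransom` and the query to `zips_flagged_ransomware` to apply the same filter to the ZIP search.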
An alternative way of detecting ransomware is through dedicated YARA rules.
You can learn more about file search modifiers in the documentation.
Originally published on blog.virustotal.com. Publication date: Mon, 01 Jan 2024 11:43:05 +0000