VT Livehunt Cheat Sheet ~ VirusTotal Blog

VirusTotal Livehunt is a service that continuously scans all incoming indicators and notifies you when any of them matches your rules.
Livehunt not only monitors files, but also domains, URLs, and IP addresses.
In this post we detail a few practical examples along with useful tips.
This YARA module was created for VT Hunting services to provide all available context data, which is structured in two main sections: metadata and behaviour.
You can find more information about the VT module here.
Analysts can create rules to hunt based on the metadata information that VirusTotal gathers and processes.
We are referring to hunting files by characteristics, reputation, and even contextual details.
This would allow analysts to detect files of a certain type that were submitted several times from a given country, and that more than 5 antivirus engines have flagged as malicious.
This example defines a rule focused on detecting potentially malicious DOCX files with macros.
DOCX. The next condition matches files flagged as malicious by more than 5 antivirus engines in VirusTotal.
This filters out most of the benign files, and can be adjusted according to the investigation.
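The metadata-based hunt described above, written as an added example (not a rule from the original post) against the VT YARA module; it assumes the field names `vt.metadata.file_type`, `vt.metadata.tags`, `vt.metadata.times_submitted`, `vt.metadata.submitter.country` and `vt.metadata.analysis_stats.malicious`, and the country code and thresholds are sample values to adjust per investigation.

```yara
import "vt"

// Added example, not from the original post: hunt DOCX files carrying macros
// that were submitted more than once from a given country and that more than
// 5 engines flag as malicious. "US" and the thresholds are assumed sample values.
rule docx_macros_repeat_submissions
{
  meta:
    description = "DOCX with macros, repeatedly submitted, >5 malicious verdicts"
    author = "added example"
  condition:
    // Static metadata: VirusTotal identified the file type as DOCX
    vt.metadata.file_type == vt.FileType.DOCX
    // VirusTotal tagged the file as containing macros
    and for any tag in vt.metadata.tags : ( tag == "macros" )
    // Contextual metadata: seen more than once, and the latest submitter
    // (submitter refers to the current submission) came from the chosen country
    and vt.metadata.times_submitted > 1
    and vt.metadata.submitter.country == "US"
    // Reputation: more than 5 engines flag it as malicious, which filters out
    // most benign files; lower the threshold to widen the net
    and vt.metadata.analysis_stats.malicious > 5
}
```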
The following rule is designed to identify PowerShell execution by manipulating metadata fields of.
This technique is frequently utilized by malware to avoid detection and initiate attacks.
Dynamic analysis can bring great value on top of static analysis.
This key allows programs to automatically execute once when a user logs in, often exploited by malware to maintain presence on a system.
This directory is often used to host scripts that automatically execute during user login, making it a common target for malware seeking persistence or automatic execution.
The second condition is very similar but checks the file path for files written during detonation.
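The two behaviour-based conditions described above (RunOnce key set during detonation, file written into a Startup directory) combined into one rule as an added example, not the original post's own rule; it assumes the VT module's `vt.behaviour.registry_keys_set` entries expose a `key` field and that `vt.behaviour.files_written` is a list of path strings.

```yara
import "vt"

// Added example, not from the original post: flag samples whose sandbox
// detonation either sets a value under the RunOnce key or writes a file into
// a user's Startup folder, both common persistence locations.
rule sandbox_runonce_or_startup_persistence
{
  meta:
    description = "RunOnce key set or file written to Startup folder during detonation"
    author = "added example"
  condition:
    // Only consider samples at least one engine already flags, to reduce noise
    // from benign installers that legitimately use these locations
    vt.metadata.analysis_stats.malicious > 0
    and (
      // Behaviour: a value was set under RunOnce, which executes a program once
      // at the next user logon (assumed struct field: key)
      for any key_set in vt.behaviour.registry_keys_set : (
        key_set.key icontains "\\Software\\Microsoft\\Windows\\CurrentVersion\\RunOnce"
      )
      // Behaviour: a file was written into a Startup folder, whose contents run
      // automatically at user logon (assumed: files_written holds path strings)
      or for any path in vt.behaviour.files_written : (
        path icontains "\\Start Menu\\Programs\\Startup\\"
      )
    )
}
```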
The VirusTotal YARA module brings you unprecedented flexibility in crafting Livehunt rules combining traditional file content analysis with rich metadata information and behavioral patterns from dynamic analysis.
If you have any suggestions or want to share feedback please feel free to reach out here.


This Cyber News was published on blog.virustotal.com. Publication date: Tue, 06 Feb 2024 14:43:05 +0000

