CyberSecurityBoard
Sponsor Register Login

VT Livehunt Cheat Sheet ~ VirusTotal Blog

VirusTotal Livehunt is a service that continuously scans all incoming indicators and notifies you when any of them matches your rules.
Livehunt not only monitors files, but also domains, URLs, and IP addresses.
In this post we detail a few practical examples along with useful tips.
This YARA module was created for VT Hunting services to provide all available context data, which is structured in two main sections: metadata and behaviour.
You can find more information about the VT module here.
Analysts can create rules to hunt based on the metadata information that VirusTotal gathers and processes.
We are referring to hunting files by characteristics, reputation, and even contextual details.
This would allow analysts to detect files of a certain type that were submitted several times from a given country, and that more than 5 antiviruses have flagged as malicious.
This example defines a rule focused on detecting potentially malicious DOCX files with macros.
DOCX. The next condition matches files flagged as malicious by more than 5 antivirus engines in VirusTotal.
This filters out most of the benign files, and can be adjusted according to the investigation.
The following rule is designed to identify PowerShell execution by manipulating metadata fields of.
This technique is frequently utilized by malware to avoid detection and initiate attacks.
Dynamic analysis can bring great value on top of static one.
This key allows programs to automatically execute once when a user logs in, often exploited by malware to maintain presence on a system.
This directory is often used to host scripts that automatically execute during user login, making it a common target for malware seeking persistence or automatic execution.
The second condition is very similar but checks the file path for files written during detonation.
The VirusTotal YARA module brings you unprecedented flexibility in crafting Livehunt rules combining traditional file content analysis with rich metadata information and behavioral patterns from dynamic analysis.
If you have any suggestions or want to share feedback please feel free to reach out here.


This Cyber News was published on blog.virustotal.com. Publication date: Tue, 06 Feb 2024 14:43:05 +0000


Cyber News related to VT Livehunt Cheat Sheet ~ VirusTotal Blog

VT Livehunt Cheat Sheet ~ VirusTotal Blog - VirusTotal Livehunt is a service that continuously scans all incoming indicators and notifies you when any of them matches your rules. Livehunt not only monitors files, but also domains, URLs, and IP addresses. In this post we detail a few practical ...
1 year ago Blog.virustotal.com
Sigma rules for Linux and MacOS ~ VirusTotal Blog - TLDR: VT Crowdsourced Sigma rules will now also match suspicious activity for macOS and Linux binaries, in addition to Windows. We recently discussed how to maximize the value of Sigma rules by easily converting them to YARA Livehunts. At that time ...
1 year ago Blog.virustotal.com
Virustotal Shares New Ideas to Track Threat Actors - In a recent presentation at the FIRST CTI in Berlin and Botconf in Nice, VirusTotal unveiled innovative methods to track adversary activity by focusing on images and artifacts used during the initial stages of the kill chain. Traditionally, threat ...
8 months ago Cybersecuritynews.com
VirusTotal: Generative AI is Great at Detecting, Identifying Malware - Generative AI engines similar to OpenAI's ChatGPT and Google's Bard will become indispensable tools for enterprises and cybersecurity operations in detecting and analyzing malicious code in a real-world environment, according to researchers with ...
1 year ago Securityboulevard.com
Apex Legends players worried about RCE flaw after ALGS hacks - Electronic Arts has postponed the North American finals of the ongoing Apex Legends Global Series after hackers compromised players mid-match during the tournament. ALGS is an esports tournament series where players compete in a fast-paced, strategic ...
11 months ago Bleepingcomputer.com
AI Boosts Malware Detection Rates by 70% - Threat intelligence-sharing platform VirusTotal has unveiled new research showing how AI can be used by cyber defenders to enhance malware analysis. Through the research, VirusTotal found that AI is extremely effective in analyzing malicious code, ...
1 year ago Infosecurity-magazine.com
capa Explorer Web: A Web-Based Tool for Program Capability Analysis | Google Cloud Blog - For static analysis results, the function capabilities view groups rule matches by function address, allowing reverse engineers to quickly identify functions with key behavior (see Figure 6). The interface offers different views including a table ...
4 months ago Cloud.google.com
Weekly Blog Wrap-Up - Welcome to the TuxCare Weekly Blog Wrap-Up - your go-to resource for the latest insights on cybersecurity strategy, Linux security, and how to simplify the way your organization protects its data and customers. At TuxCare, we understand the ...
1 year ago Securityboulevard.com
Microsoft warns of Windows 11 24H2 gaming performance issues - Microsoft has blocked Windows 24H2 upgrades on some systems because of known issues causing Asphalt 8 game crashes and Easy Anti-Cheat blue screens. ​On Monday, Microsoft fixed another known issue that caused reboot loops, system freezes, ...
4 months ago Bleepingcomputer.com
CVE-2018-2626 - Vulnerability in the Oracle Financial Services Balance Sheet Planning component of Oracle Financial Services Applications (subcomponent: User Interface). The supported version that is affected is 8.0.x. Easily exploitable vulnerability allows ...
5 years ago
CVE-2018-2592 - Vulnerability in the Oracle Financial Services Balance Sheet Planning component of Oracle Financial Services Applications (subcomponent: User Interface). The supported version that is affected is 8.0.x. Easily exploitable vulnerability allows low ...
5 years ago
CVE-2020-2936 - Vulnerability in the Oracle Financial Services Balance Sheet Planning product of Oracle Financial Services Applications (component: User Interface). The supported version that is affected is 8.0.8. Easily exploitable vulnerability allows low ...
4 years ago
Weekly Blog Wrap-Up - Welcome to the TuxCare Weekly Blog Wrap-Up - your go-to resource for the latest insights on cybersecurity strategy, Linux security, and how to simplify the way your organization protects its data and customers. At TuxCare, we understand the ...
1 year ago Securityboulevard.com
Apex Legends esports final delayed by hack claims - Apex Legends is a battle royale-style online multiplayer game launched as a competitor to Fortnite. The North American esports final of online shooter Apex Legends has been postponed following claims of hacking. Clips shared by players show unwanted ...
11 months ago Packetstormsecurity.com
Know your enemies: An approach for CTI teams ~ VirusTotal Blog - VirusTotal's Threat Landscape can be a valuable source of operational and tactical threat intelligence for CTI teams, for instance helping us find the latest malware trends used by a given Threat Actor to adjust our intelligence-led security posture ...
11 months ago Blog.virustotal.com
We Made It, Together: 20 Years of VirusTotal! ~ VirusTotal Blog - George Kurtz, President/CEO and co-founder of CrowdStrike. Shane Huntley, Sr Director Google Threat Intel and cofounder of TAG. One of the things we're most proud of is how VirusTotal has always been a team effort. From our dedicated staff to our ...
8 months ago Blog.virustotal.com
Dirig Sheet Metal hit by Akira Ransomware Gang - Actor: akira ...
1 year ago Twitter.com
Northeastern Sheet Metal hit by Play Ransomware Gang - Actor: play ...
1 year ago Twitter.com
CVE-2024-6590 - The Spreadsheet Integration – Automate Google Sheets With WordPress, WooCommerce & Most Popular Form Plugins. Also, Display Google sheet as a Table. plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability ...
4 months ago Tenable.com
Hackers Gaining Unauthorized Access to Windows Devices Through Silver and BYOVD Exploits - Last summer, cybercriminals began using Sliver as an alternative to Cobalt Strike, using it for monitoring networks, executing commands, loading reflective DLLs, spawning sessions, and manipulating processes. Recently, attacks have been observed ...
2 years ago Heimdalsecurity.com
CVE-2023-32317 - Autolab is a course management service that enables auto-graded programming assignments. A Tar slip vulnerability was found in the MOSS cheat checker functionality of Autolab. To exploit this vulnerability an authenticated attacker with instructor ...
1 year ago
Dota 2 Players Unknowingly Downloaded Malicious Mods Containing Malware - Security researchers have uncovered four malicious modifications for the popular Dota 2 multiplayer online battle arena video game that were created by a malicious actor and uploaded to the Steam store. Jan Vojtěšek, a malware researcher at Avast ...
2 years ago Bleepingcomputer.com
Apex Legends pro tourney canned following cheaty cyberattack The Register - Esports pros competing in the Apex Legends Global Series Pro League tournament were forced to abandon their match today due to a suspected cyberattack. In the early hours of Monday morning, two professional Apex Legends players competing in two ...
11 months ago Go.theregister.com
What’s Inside Microsoft’s Major Windows 11 Update? - You can unsubscribe at any ...
4 months ago Techrepublic.com
Sophisticated macOS Infostealers Get Past Apple's Built-In Detection - Increasingly sophisticated infostealers are targeting macOS with the capability to evade Apple's built-in malware protection, as attackers are becoming more savvy about how to crack static signature-detection engines like the platform's proprietary ...
1 year ago Darkreading.com

Latest Cyber News


Cyber Trends (last 7 days)


Trending Cyber News (last 7 days)