The VirusTotal cheat sheet is a new tool for researchers

January 10, 2023

Researchers can now pull detailed results from VirusTotal's malware intelligence platform more easily, after the site published a cheat sheet. File search modifiers already help refine output, but the new cheat sheet shows how researchers can combine them in real-world scenarios to locate the data they need.

A Google security engineer provided examples of how researchers can use the cheat sheet to identify files linked to specific documents, networks, entities, clusters of activity, and non-Windows malware samples.

Using the entity search modifier, researchers can restrict a search to IP addresses, URLs, domains, or files. The cheat sheet's developers also plan to add VirusTotal collections to the set of supported modifiers.

The security engineer also explained that researchers can combine the name of a malware strain or campaign with the verdicts of the AV engines on VirusTotal to help trace a threat actor.

This strategy complements detection of advanced attackers and surfaces related data in collections pooled by many platform users. A search can also be narrowed, or combined with queries based on crowdsourced rules such as IDS, Sigma, and YARA rules.

Researchers would be delighted by the features offered by the VirusTotal cheat sheet.

The cheat sheet from VirusTotal covers samples from real-life malware attacks, as well as cases where file search filters find data signed by specific vendors, or emails sent from a particular server with an attachment.

Users of the cheat sheet can also rely on keywords that return results for operating systems other than Windows, such as Android, Symbian, and macOS.

Android samples are processed with the open-source Androguard toolkit, which looks inside the packages at manifest entries, certificate signatures, and code strings. The cheat sheet PDF is currently a three-page file, but it contains several categories of keyword combinations for finding suspicious or hostile files.

VirusTotal's new feature could also serve as a shortcut for linking malware to operations by known or as-yet-unidentified attackers, or for spotting new threats.

Finally, VirusTotal's administrators plan to extend the cheat sheet with new capabilities to make searching for intelligence on the platform more convenient, straightforward, and targeted.
