Clustering Iran-Based Hacking Groups and Lone Iran-Based Hackers Online Handles Activity

The following is a list o…

Clustering Iran-Based Hacking Groups and Lone Iran-Based Hackers Online Handles Activity was first posted on June 25, 2023 at 10:38 am.

VirusTotal += Mandiant Permhash: Unearthing adversary infrastructure and toolkits by leveraging permissions similarity

Last Monday our colleagues over at Mandiant rolled out Permhash. In their own words, Permhash is an extensible framework to hash the declared permissions applied to Chromium-based browser extensions and APKs allowing for clustering, hunting, and pivoti…

Using similarity to expand context and map out threat campaigns

TL;DR: VirusTotal allows you to search for similar files according to different orthogonal notions (structure, visual layout, icons, execution behaviour, etc.). File similarity can be combined with the “have:” search modifier in order to gain more cont…