file similarity – WindowsTechs.com

VirusTotal += Mandiant Permhash: Unearthing adversary infrastructure and toolkits by leveraging permissions similarity

Posted on May 17, 2023 by Emiliano Martinez

Last Monday our colleagues over at Mandiant rolled out Permhash. In their own words, Permhash is an extensible framework to hash the declared permissions applied to Chromium-based browser extensions and APKs allowing for clustering, hunting, and pivoti… Continue reading VirusTotal += Mandiant Permhash: Unearthing adversary infrastructure and toolkits by leveraging permissions similarity→

Using similarity to expand context and map out threat campaigns

Posted on November 26, 2020 by Emiliano Martinez

TL;DR: VirusTotal allows you to search for similar files according to different orthogonal notions (structure, visual layout, icons, execution behaviour, etc.). File similarity can be combined with the “have:” search modifier in order to gain more cont… Continue reading Using similarity to expand context and map out threat campaigns→