All news with #sigma rules tag
Fri, January 10, 2025
Turning Threat Research into Practical VirusTotal Detections
Tags: #Behavioral Detection, #Detection Engineering, #Lummac Stealer, #Sigma Rules, #Sysmon, #Threat Hunting, #Threat Report, #VenomRAT, #VirusTotal
Detection engineering guidance for researchers and defenders. This post shows how VirusTotal can be used to hunt for recent, sandboxed samples and derive behavioral Sigma rules by combining targeted VT queries, sandbox logs (CAPE/Zenbox), and manual analysis. Using Lummac and VenomRAT as examples, the team created experimental Sigma detections for process execution (more.com/vbc.exe) and for suspicious .conf file creation, intended to aid SOCs and threat hunting teams.