By Kungen @ CyberSword
To search for a malicious sample, you must first know the basic information needed for the search: the virus name, the sample file name, and the hash value. For newly detected viruses, sites such as SECURELIST and VirusTotal immediately publish analysis reports on the virus and its samples, and these reports contain the information we need to search for samples. The Red October virus sample is used as an example:
The analysis of "Red October" on SECURELIST contains the sample file names and the corresponding MD5 values:
With this key information, we use the following methods for sample search:
1. Search directly by name
On the Kafan Forum, search for the virus name directly in the "virus sample area" to find the download link for the Red October virus sample.
2. Search by virus sample name or hash value
Open Malware and Malware.lu: these two websites hold a large number of samples covering a wide range of malware.
3. Search by URL
The URL of the malicious sample is sometimes mentioned in the virus analysis report and in replies to forum discussion posts.
Messages in the VirusTotal sample analysis report:
Sample resource website summary:
hxxp://www.kernelmode.info/forum/viewtopic.php?f=16&t=308
hxxp://zeltser.com/combating-malicious-software/malware-sample-sources.html
Recommended websites:
Securelist: hxxp://www.securelist.com (virus analysis reports)
VirusTotal: hxxps://www.virustotal.com (sample analysis website)
Open Malware: hxxp://www.offensivecomputing.net/ (sample downloads are provided without registration)
Malware.lu: hxxp://malware.lu/ (the collection of samples available for download is comprehensive; registration is required)
Kafan Forum: hxxp://bbs.kafan.cn
Scumware: hxxp://www.scumware.org (sample search and download)
Malwareblacklist: hxxp://www.malwareblacklist.com (sample search and download can be performed based on URL, IP address, and domain name)
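Because the same sample circulates under different file names on different sites, the MD5 from the analysis report is what confirms that a file obtained by any of the three search methods is the sample the report describes. The following is an added example, not part of the original post: it parses file name and MD5 pairs out of report text and matches them against a local folder by hash. The report excerpt, file names and hash values are constructed for illustration.

```python
import hashlib
import re
import tempfile
from pathlib import Path

# Constructed report excerpt: names and MD5 values are made up for this example.
REPORT = """\
File name            MD5
invoice_scan.xls     5d41402abc4b2a76b9719d911017c592
Update.doc           7D793037A0760186574B0282F2F435E7
"""

# Exactly 32 hex digits; longer digests (SHA-1, SHA-256) do not match.
MD5_RE = re.compile(r"\b[0-9a-fA-F]{32}\b")

def parse_report(text):
    """Return {md5_lowercase: reported_file_name} for each line carrying an MD5."""
    wanted = {}
    for line in text.splitlines():
        m = MD5_RE.search(line)
        if m:
            name = line[:m.start()].strip() or "(unnamed)"
            wanted[m.group(0).lower()] = name
    return wanted

def md5_of(path, chunk=1 << 20):
    """Hash a file in chunks so large samples are not loaded into memory at once."""
    h = hashlib.md5()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()

def match_samples(folder, wanted):
    """Hash every file under folder; return {local_name: reported_name} on MD5 match."""
    hits = {}
    for p in sorted(Path(folder).rglob("*")):
        if p.is_file():
            digest = md5_of(p)
            if digest in wanted:
                hits[p.name] = wanted[digest]
    return hits

def demo():
    with tempfile.TemporaryDirectory() as d:
        # Right content under a different name: matches by hash.
        (Path(d) / "renamed_by_forum.bin").write_bytes(b"hello")
        # Right name but different content: must not match.
        (Path(d) / "Update.doc").write_bytes(b"unrelated content")
        return match_samples(d, parse_report(REPORT))

if __name__ == "__main__":
    print(demo())
```

Only the renamed file is reported as a match; the file that merely shares a name with a report entry is not.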