
    AVID-2023-V003

    Vulnerability from avid – Published: 2023-03-31 – Updated: 2023-03-31 – ATLAS Case Study
    Summary
    McAfee Advanced Threat Research noticed an increase in reports of a certain ransomware family that was out of the ordinary. Case investigation revealed that many samples of that particular ransomware family were submitted through a popular virus-sharing platform within a short amount of time. Further investigation revealed that, based on string similarity, the samples were all equivalent, and based on code similarity they were between 98 and 74 percent similar. Interestingly enough, the compile time was the same for all the samples. After more digging, researchers discovered that someone used 'metame', a metamorphic code manipulating tool, to manipulate the original file towards mutant variants. The variants would not always be executable, but are still classified as the same ransomware family.
    Risk domain
    Security
    SEP view
    S0601: Ingest Poisoning
    Lifecycle
    L03: Data Preparation
    Organisations
    VirusTotal (deployer)
    Affected artifacts
    Artifact: VirusTotal (Type: System)
    References
    VirusTotal Poisoning: https://atlas.mitre.org/studies/AML.CS0002

    {
      "affects": {
        "artifacts": [
          {
            "name": "VirusTotal",
            "type": "System"
          }
        ],
        "deployer": [
          "VirusTotal"
        ],
        "developer": []
      },
      "credit": [
        {
          "lang": "eng",
          "value": "McAfee Advanced Threat Research"
        }
      ],
      "data_type": "AVID",
      "data_version": "0.2",
      "description": {
        "lang": "eng",
        "value": "McAfee Advanced Threat Research noticed an increase in reports of a certain ransomware family that was out of the ordinary. Case investigation revealed that many samples of that particular ransomware family were submitted through a popular virus-sharing platform within a short amount of time. Further investigation revealed that based on string similarity the samples were all equivalent, and based on code similarity they were between 98 and 74 percent similar. Interestingly enough, the compile time was the same for all the samples. After more digging, researchers discovered that someone used \u0027metame\u0027 a metamorphic code manipulating tool to manipulate the original file towards mutant variants. The variants would not always be executable, but are still classified as the same ransomware family."
      },
      "impact": {
        "avid": {
          "lifecycle_view": [
            "L03: Data Preparation"
          ],
          "risk_domain": [
            "Security"
          ],
          "sep_view": [
            "S0601: Ingest Poisoning"
          ],
          "taxonomy_version": "0.2"
        }
      },
      "last_modified_date": "2023-03-31",
      "metadata": {
        "vuln_id": "AVID-2023-V003"
      },
      "problemtype": {
        "classof": "ATLAS Case Study",
        "description": {
          "lang": "eng",
          "value": "VirusTotal Poisoning"
        },
        "type": "Advisory"
      },
      "published_date": "2023-03-31",
      "references": [
        {
          "label": "VirusTotal Poisoning",
          "type": "source",
          "url": "https://atlas.mitre.org/studies/AML.CS0002"
        }
      ],
      "reports": null
    }