We use cookies to improve your experience on our site.
AVID-2023-V003
Description
VirusTotal Poisoning
Details
McAfee Advanced Threat Research noticed an increase in reports of a certain ransomware family that was out of the ordinary. Case investigation revealed that many samples of that particular ransomware family were submitted through a popular virus-sharing platform within a short amount of time. Further investigation revealed that based on string similarity the samples were all equivalent, and based on code similarity they were between 98 and 74 percent similar. Interestingly enough, the compile time was the same for all the samples. After more digging, researchers discovered that someone used ‘metame’ a metamorphic code manipulating tool to manipulate the original file towards mutant variants. The variants would not always be executable, but are still classified as the same ransomware family.
References
AVID Taxonomy Categorization
- Risk domains: Security
- SEP subcategories: S0601: Ingest Poisoning
- Lifecycle stages: L03: Data Preparation
Affected or Relevant Artifacts
- Developer:
- Deployer: VirusTotal
- Artifact Details:
Type Name System VirusTotal
Other information
- Vulnerability Class: ATLAS Case Study
- Credits: McAfee Advanced Threat Research
- Date Published: 2023-03-31
- Date Last Modified: 2023-03-31
- Version: 0.2
- AVID Entry