

The primary method of searching for malware samples is to use the built-in Malware Analysis Center Query Language (MACQL). This query language provides a simple, powerful, and easy-to-use interface to find malware samples that meet specific criteria. For example:

- `Name contains "emotet" and positives > 20` – This query will return all files where at least 20 AV engines detected it as malicious and at least one AV engine had "emotet" in the resulting output from the AV detection.
- `Rulename contains "UPX" and list = "Blacklist"`
- This query will return all files that are whitelisted by the administrator and have more than 20 AV engines identify it as malicious.
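To make the shape of such queries concrete, here is an added example (not MACQL's own engine or any code from the product) of a small evaluator for the `field op value` conditions joined by `and` that the queries above use. The fields `Name`, `Rulename`, `list` and `positives`, the operators, and the sample records are assumptions constructed for the illustration; it shows how a `contains` match, an equality test on a list label, and a numeric threshold combine into one filter.

```python
import re
from dataclasses import dataclass

@dataclass
class Sample:
    """One analysis record; field names mirror the query fields (hypothetical schema)."""
    name: str
    rulename: str
    list_label: str
    positives: int  # number of AV engines that flagged the file

# Constructed sample records for the demonstration, not real analysis data.
SAMPLES = [
    Sample("emotet_loader.exe", "susp_macro_dropper", "Blacklist", 41),
    Sample("invoice.doc", "emotet_doc_stage1", "Blacklist", 25),
    Sample("packed_tool.exe", "UPX_packed", "Blacklist", 3),
    Sample("emotet_old.dll", "generic_trojan", "Whitelist", 12),
    Sample("admin_util.exe", "UPX_packer_v3", "Whitelist", 30),
]

# One condition: <field> <op> <"quoted string" | integer>. Straight and curly quotes accepted.
_COND = re.compile(
    r'^\s*(\w+)\s+(contains|>=|<=|=|>|<)\s+(?:["\u201c\u201d]([^"\u201c\u201d]*)["\u201c\u201d]|(\d+))\s*$',
    re.IGNORECASE,
)

_FIELDS = {
    "name": lambda s: s.name,
    "rulename": lambda s: s.rulename,
    "list": lambda s: s.list_label,
    "positives": lambda s: s.positives,
}

def parse_query(query: str) -> list:
    """Split a query on ' and ' and parse each condition into (field, op, value).

    Raises ValueError for an unknown field or a malformed condition rather than
    silently matching nothing. (A quoted value containing ' and ' is not supported.)
    """
    conditions = []
    for part in re.split(r"\s+and\s+", query.strip(), flags=re.IGNORECASE):
        m = _COND.match(part)
        if not m:
            raise ValueError(f"unparseable condition: {part!r}")
        field, op, quoted, number = m.groups()
        field = field.lower()
        if field not in _FIELDS:
            raise ValueError(f"unknown field: {field!r}")
        value = quoted if quoted is not None else int(number)
        conditions.append((field, op.lower(), value))
    return conditions

def matches(sample: Sample, conditions: list) -> bool:
    """True if every condition holds for the sample (conditions are AND-ed)."""
    for field, op, value in conditions:
        actual = _FIELDS[field](sample)
        if op == "contains":
            if not (isinstance(actual, str) and isinstance(value, str)):
                raise ValueError(f"'contains' needs string operands: {field}")
            if value.lower() not in actual.lower():
                return False
        elif op == "=":
            if isinstance(actual, str):
                if actual.lower() != str(value).lower():
                    return False
            elif actual != value:
                return False
        else:  # numeric comparisons: >, <, >=, <=
            if not (isinstance(actual, int) and isinstance(value, int)):
                raise ValueError(f"'{op}' needs numeric operands: {field}")
            ok = {">": actual > value, "<": actual < value,
                  ">=": actual >= value, "<=": actual <= value}[op]
            if not ok:
                return False
    return True

def run_query(query: str, samples=SAMPLES) -> list:
    """Return the names of samples matching the query, in input order."""
    conditions = parse_query(query)
    return [s.name for s in samples if matches(s, conditions)]

if __name__ == "__main__":
    for q in ('Name contains "emotet" and positives > 20',
              'Rulename contains "UPX" and list = "Blacklist"',
              'list = "Whitelist" and positives > 20'):
        print(f"{q:50} -> {run_query(q)}")
```

Against the constructed records, the first query returns only `emotet_loader.exe` (`emotet_old.dll` matches the name but has too few detections), the second returns `packed_tool.exe`, and the third returns `admin_util.exe`; a query with an unknown field or a type mismatch raises `ValueError` instead of returning an empty, misleading result.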
