The path from VT Intelligence queries to VT Livehunt rules: A CTI analyst approach
ID: 9348b5ef-9805-5b41-96f7-5727577cecad
STIX ID: report--9348b5ef-9805-5b41-96f7-5727577cecad
Feed Name: VirusTotal Blog
This post explains how to convert VirusTotal Intelligence (VTI) queries into LiveHunt YARA rules, using practical examples for Bitter APT, RomCom RAT, and Gamaredon. It highlights behavioral indicators (processes, command-line patterns, file tags, network activity), provides example queries and YARA rules, discusses limitations when mapping VTI fields to LiveHunt, and points to public GitHub rule repositories for reuse.
