VirusTotal Multisandbox += NSFOCUS POMA
We are pleased to announce that the multisandbox project has partnered with NSFOCUS POMA. This brings VirusTotal up to six integrated sandboxes. The NSFOCUS sandbox gives us insight into the behaviour of samples that run on Windows 7 and XP SP3.
In their own words:
NSFOCUS POMA, as an integral part of the NSFOCUS Threat Intelligence (NTI) system, is a cloud‐based malware analysis engine built by the NSFOCUS Security Lab. It can take various types of files and perform both static and dynamic analysis on them to detect potentially malicious behavior, and produce analytic reports in many formats (including STIX). This service can help a user to protect his environment from various threats, such as 0‐day attacks, advanced persistent threats (APTs), ransomware, botnets, cryptocurrency mining and other malware.
We are very honored and proud to bring such values to the VirusTotal users and community.
Here are a few examples:
You can find the sandbox behaviour reports on the behavior tab.
Threat Summary
At the top of the detailed report, right away we can see a summary of the detection.
Threat Detail
Within the threat detail section we can see the behavior in both Windows XP SP3 and Windows 7 SP1 ordered by risk, most important at the top.
Registry actions:
Within the behaviour report we can see an interesting UUID
Connecting the dots
Within VTGraph we can visually see the relationships between this sample, the IP address, domains and URLS that we know about
Read more: VirusTotal Multisandbox += NSFOCUS POMA
Story added 7. May 2019, content source with full text you can find at link above.