AlienVault OTX – Polarity


Here we have a malicious file hash provided to us in a .txt file, possibly by a ticketing system, an email, another security analyst, etc. We can use Polarity's capabilities to quickly see whether this incident warrants further investigation.

File Hash:

2cf6c9b1eb7ec23f29c32cde0b08b0c10b779b4651d762f289e07e5d9313cd04

If the Polarity overlay is in On Demand Mode, we can use the hot keys to run the analysis: hold Ctrl + C or Ctrl + Shift + C, depending on the default you chose when installing.

Running the hash returned a Pulse from AlienVault OTX. The description identifies it as ransomware, so this definitely requires further investigation.

We can click the "View in AlienVault OTX" link in the overlay console (or right-click, copy the URL and paste it into a browser).

This page shows a more detailed view of the malware sample.

Timeline

On this page you can turn on Highlight Mode in your Polarity overlay and mouse over information that may be useful to your investigation, such as IP addresses, hashes, aliases and filenames.

A lot of information has already been gathered by AlienVault OTX to help you prioritize which incident to focus on. I would rank this incident high in triage because, judging by the anti-virus detections and the timeline, the attacks are frequent and still active.
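The same lookup and triage decision, as an added example that is not part of the original page and not Polarity's or AlienVault's own code. It uses the real OTX v1 file-indicator endpoint and `X-OTX-API-KEY` header for a live query when an `OTX_API_KEY` environment variable is set; otherwise it runs offline against a constructed response whose pulse names, descriptions and dates are invented. The priority rules (ransomware mention plus a pulse modified within an assumed 90-day "still active" window means high) are this example's own assumption, not an OTX or Polarity scoring scheme.

```python
import json
import urllib.request
from datetime import datetime, timedelta, timezone

# OTX DirectConnect API v1 endpoint for file-hash indicators
OTX_FILE_URL = "https://otx.alienvault.com/api/v1/indicators/file/{}/general"

# The hash from the page, used here as the indicator to look up.
SAMPLE_HASH = "2cf6c9b1eb7ec23f29c32cde0b08b0c10b779b4651d762f289e07e5d9313cd04"

# Constructed sample response: the shape mirrors the "general" section that
# OTX returns (pulse_info -> pulses[] with name, description, tags, modified);
# the pulse names, descriptions and dates are invented for this demo.
SAMPLE_RESPONSE = {
    "indicator": SAMPLE_HASH,
    "type": "FileHash-SHA256",
    "pulse_info": {
        "count": 2,
        "pulses": [
            {
                "name": "Constructed pulse A",
                "description": "Sample tracked as ransomware (constructed)",
                "tags": ["ransomware", "malware"],
                "modified": "2024-05-01T10:00:00.000000",
            },
            {
                "name": "Constructed pulse B",
                "description": "Older generic trojan sighting (constructed)",
                "tags": ["trojan"],
                "modified": "2023-01-15T08:30:00.000000",
            },
        ],
    },
}


def fetch_general(file_hash, api_key, timeout=15):
    """Live lookup against OTX; only called when an API key is supplied."""
    req = urllib.request.Request(
        OTX_FILE_URL.format(file_hash),
        headers={"X-OTX-API-KEY": api_key, "Accept": "application/json"},
    )
    with urllib.request.urlopen(req, timeout=timeout) as resp:
        return json.load(resp)


def parse_otx_time(ts):
    """OTX timestamps look like 2024-05-01T10:00:00.000000 (naive UTC)."""
    return datetime.fromisoformat(ts.split(".")[0]).replace(tzinfo=timezone.utc)


def triage(response, now=None, active_days=90):
    """Summarize pulse coverage for the indicator and assign a priority.

    Priority rules (an assumption for this example, not an OTX/Polarity scheme):
      high   - some pulse describes the sample as ransomware AND some pulse
               was modified within active_days (the activity is still current)
      medium - pulses exist but the condition above does not hold
      low    - no pulses reference the hash
    """
    if now is None:
        now = datetime.now(timezone.utc)
    elif isinstance(now, str):
        now = parse_otx_time(now)

    pulses = response.get("pulse_info", {}).get("pulses", []) or []
    window = timedelta(days=active_days)

    def mentions_ransomware(pulse):
        parts = [pulse.get("name", ""), pulse.get("description", "")]
        parts += list(pulse.get("tags", []))
        return "ransomware" in " ".join(parts).lower()

    ransomware = [p["name"] for p in pulses if mentions_ransomware(p)]
    recent = [p["name"] for p in pulses
              if "modified" in p and now - parse_otx_time(p["modified"]) <= window]

    if ransomware and recent:
        priority = "high"
    elif pulses:
        priority = "medium"
    else:
        priority = "low"

    return {
        "indicator": response.get("indicator"),
        "pulse_count": len(pulses),
        "ransomware_pulses": ransomware,
        "recent_pulses": recent,
        "priority": priority,
    }


if __name__ == "__main__":
    import os
    key = os.environ.get("OTX_API_KEY")
    data = fetch_general(SAMPLE_HASH, key) if key else SAMPLE_RESPONSE
    print(json.dumps(triage(data), indent=2))
```

Without an API key the script prints the triage of the constructed response; with one it fetches the real pulse data for the hash and applies the same rules, which is the point at which you would compare the result against the detections and timeline seen in the OTX page.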