If you are a paid subscriber you get extra bits from VirusTotal.

One of which is you can see what files are "parents" of the sample. In this case, there are a bunch of zip files that contain this file, all named Immunity Canvas or similar. Canvas is a pentesting tool where they publish exploits, so I guess he's saying you can attribute it to Immunity.

And yes, VirusTotal lets you download the file if you pay. It's the foundation of the "threat-intelligence" industry :)
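The "parents" relationship described above is also exposed through the VirusTotal API v3 as `compressed_parents`. The script below is an added example, not code from this thread or from VirusTotal: it fetches that relationship for a hash (assuming an API key in the `VT_API_KEY` environment variable) and reduces the response to the question an analyst actually asks, namely how many of the containing archives share a product name. The embedded response is constructed for offline use; the archive names in it are made up.

```python
"""Summarise which archives VirusTotal reports as containing a sample.

Added example (not from the thread). Uses the VirusTotal API v3 relationship
endpoint /files/{sha256}/compressed_parents; the API key is read from the
VT_API_KEY environment variable (an assumption for this example).
"""
import json
import os
import urllib.request
from collections import Counter

VT_API = "https://www.virustotal.com/api/v3"


def fetch_compressed_parents(sha256: str, api_key: str, limit: int = 40) -> dict:
    """Fetch the archives that contain `sha256` (first page only; the
    response carries a links.next URL when more parents exist)."""
    url = f"{VT_API}/files/{sha256}/compressed_parents?limit={limit}"
    req = urllib.request.Request(url, headers={"x-apikey": api_key})
    with urllib.request.urlopen(req, timeout=30) as resp:
        return json.load(resp)


def summarise_parents(response: dict) -> dict:
    """Reduce a compressed_parents response to the parent hashes, the file
    names VirusTotal has seen for each parent, and a per-name frequency."""
    parents = []
    name_counts = Counter()
    for obj in response.get("data", []):
        attrs = obj.get("attributes", {})
        names = attrs.get("names") or []
        stats = attrs.get("last_analysis_stats", {})
        parents.append({
            "sha256": obj.get("id"),
            "names": names,
            "malicious": stats.get("malicious", 0),
        })
        for n in names:
            name_counts[n.lower()] += 1
    return {
        "parent_count": len(parents),
        "parents": parents,
        "name_counts": dict(name_counts),
    }


def parents_mentioning(summary: dict, keyword: str) -> int:
    """Number of parents with at least one seen name containing `keyword`."""
    kw = keyword.lower()
    return sum(
        1 for p in summary["parents"] if any(kw in n.lower() for n in p["names"])
    )


def looks_like_product_bundle(summary: dict, keyword: str) -> bool:
    """True when at least half of the parents are named after `keyword`,
    which is the attribution signal the thread describes (many archives all
    called "<product>" containing the same file). False when no parents."""
    total = summary["parent_count"]
    if total == 0:
        return False
    return parents_mentioning(summary, keyword) * 2 >= total


# Constructed response in the shape of the v3 relationship endpoint; the
# hashes and archive names below are not real VirusTotal data.
SAMPLE_RESPONSE = {
    "data": [
        {"type": "file", "id": "a" * 64,
         "attributes": {"names": ["Immunity Canvas.zip"],
                        "last_analysis_stats": {"malicious": 12, "undetected": 50}}},
        {"type": "file", "id": "b" * 64,
         "attributes": {"names": ["immunity_canvas_pack.zip", "CANVAS.zip"],
                        "last_analysis_stats": {"malicious": 9, "undetected": 53}}},
        {"type": "file", "id": "c" * 64,
         "attributes": {"names": [], "last_analysis_stats": {}}},
    ]
}

if __name__ == "__main__":
    key = os.environ.get("VT_API_KEY")
    target = os.environ.get("VT_SHA256")  # hash to look up, if you have a key
    data = fetch_compressed_parents(target, key) if key and target else SAMPLE_RESPONSE
    s = summarise_parents(data)
    print(f"{s['parent_count']} parent archives; names: {s['name_counts']}")
    print("canvas bundle?", looks_like_product_bundle(s, "canvas"))
```

The threshold in `looks_like_product_bundle` is deliberately crude; it is there to show that the signal is the recurrence of a name across many parents, not any one archive. A hash lookup like this never uploads anything, which matters for the point raised later in the thread about redistribution.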

Oh, this is interesting context.

I remember Immunity advertising an exploit for Spectre they have, and it's easy to find: https://twitter.com/immunityinc/status/959155986098421760

Very likely that this is what the top poster found.

Nice, I hadn't spotted that. Not much to go on in the screenshot, but what is there looks similar to the sample in the linked article.

> And yes, VirusTotal lets you download the file if you pay

Indeed, so it is critical to never upload any binaries to them that you do not have full permission to redistribute. Nowadays they are very open about the sharing, but in the past this was kind of hidden.

Sounds like the RIAA or similar would still be all over them, if they become aware of the practice.

Not sure if that's good, bad, or something else, though. :)

They're free to download and execute any files... Just to be sure.

