Adding a New Sample to the Library
This option allows the user to add a new artifact to the Platform. To add a new sample to the library, follow the steps below:
In the Threat Library tab, select the "New Artifact" button at the top right.
A form will open. Fill in all the fields with the information related to the sample.
Platform: Here the user selects the type of operating system for which the sample is intended (Windows or Linux).
Ext. Allowed
Selecting this option opens a "choose file" section where the user chooses which artifact to add to the Platform.
Artifact Report
If the user has a document with more extensive or specific information about the artifact, it is attached at this point, in PDF format.
Severity
Here the user selects the threat level of the artifact to be added (Critical, High, Low, Midd, None, Zero-Day).
MITRE ATT&CK Tactics
Here the MITRE ATT&CK tactics and techniques used by the specific artifact are selected. A tactic is the aim the adversary is trying to achieve, and the techniques grouped under it are the methods used to achieve that aim. For more information see https://attack.mitre.org/.
Description
Here the description of the artifact is entered: what type of malware it is and what its malicious, suspicious, and informative behaviors are.
Show Options
Selecting this function will enable more advanced options for the sample.
ATT&CK Navigator URL: Here the MITRE ATT&CK Navigator link for the artifact can be attached.
Callback: This option is selected if the artifact or sample sends a callback to a remote attacker-controlled server.
Force Network Cybersecurity: In this option the "manifests" of the encrypted artifacts are added.
Show Resolution Actions
Selecting this function lets the user add more artifact information: the Network, Endpoint, and Callback resolution actions. For artifacts loaded by EVE, these include information such as their hashes or flags, a string-based YARA rule, and MITRE-based mitigations. Note that users can add their own resolution actions to the samples they load.
Click on to save and load the sample to the library. The sample is now available for testing and/or emulation.