Reference
Livehunt vt module reference
This reference provides a detailed list of the various data types that can be matched against when using attributes within the vt module.
- HTTP Methods
- Network Protocols
- Behaviour traits
- Behaviour verdicts
- File types
- Google TI assessment severity types
- Google TI assessment verdicts
HTTP methods
vt.Http.Method.GET |
vt.Http.Method.HEAD |
vt.Http.Method.PATCH |
vt.Http.Method.POST |
vt.Http.Method.PUT |
vt.Http.Method.DELETE |
vt.Http.Method.TRACE |
vt.Http.Method.OPTIONS |
vt.Http.Method.CONNECT |
Network protocols
vt.Net.Protocol.ICMP |
vt.Net.Protocol.IGMP |
vt.Net.Protocol.TCP |
vt.Net.Protocol.UDP |
vt.Net.Protocol.ESP |
vt.Net.Protocol.AH |
vt.Net.Protocol.L2TP |
vt.Net.Protoco.SCTP |
Behaviour traits
vt.BehaviourTrait.BIG_UPSTREAM |
vt.BehaviourTrait.CHECKS_BIOS |
vt.BehaviourTrait.CHECKS_CPU_NAME |
vt.BehaviourTrait.CHECKS_DISK_SPACE |
vt.BehaviourTrait.CHECKS_GPS |
vt.BehaviourTrait.CHECKS_HOSTNAME |
vt.BehaviourTrait.CHECKS_MEMORY_AVAILABLE |
vt.BehaviourTrait.CHECKS_NETWORK_ADAPTERS |
vt.BehaviourTrait.CHECKS_PCI_BUS |
vt.BehaviourTrait.CHECKS_USB_BUS |
vt.BehaviourTrait.CLIPBOARD |
vt.BehaviourTrait.CRYPTO |
vt.BehaviourTrait.DECRYPTS_EXE |
vt.BehaviourTrait.DETECT_DEBUG_ENVIRONMENT |
vt.BehaviourTrait.DIRECT_CPU_CLOCK_ACCESS |
vt.BehaviourTrait.EXECUTES_DROPPED_FILE |
vt.BehaviourTrait.FTP_COMMUNICATION |
vt.BehaviourTrait.HOSTS_MODIFIER |
vt.BehaviourTrait.INSTALLS_BROWSER_EXTENSION |
vt.BehaviourTrait.IRC_COMMUNICATION |
vt.BehaviourTrait.LONG_SLEEPS |
vt.BehaviourTrait.MACRO_ANTI_ANALYSIS |
vt.BehaviourTrait.MACRO_COPY_FILE |
vt.BehaviourTrait.MACRO_CREATE_DIR |
vt.BehaviourTrait.MACRO_CREATE_FILE |
vt.BehaviourTrait.MACRO_CREATE_OLE |
vt.BehaviourTrait.MACRO_DOWNLOAD_URL |
vt.BehaviourTrait.MACRO_ENUM_WINDOWS |
vt.BehaviourTrait.MACRO_ENVIRON |
vt.BehaviourTrait.MACRO_HANDLE_FILE |
vt.BehaviourTrait.MACRO_HIDE_APP |
vt.BehaviourTrait.MACRO_OPEN_FILE |
vt.BehaviourTrait.MACRO_POWERSHELL |
vt.BehaviourTrait.MACRO_REGISTRY |
vt.BehaviourTrait.MACRO_RUN_DLL |
vt.BehaviourTrait.MACRO_RUN_FILE |
vt.BehaviourTrait.MACRO_SAVE_WORKBOOK |
vt.BehaviourTrait.MACRO_SEND_KEYS |
vt.BehaviourTrait.MACRO_WRITE_FILE |
vt.BehaviourTrait.MYSQL_COMMUNICATION |
vt.BehaviourTrait.OBFUSCATED |
vt.BehaviourTrait.PASSWORD_DIALOG |
vt.BehaviourTrait.PERSISTENCE |
vt.BehaviourTrait.REFLECTION |
vt.BehaviourTrait.RUNTIME_MODULES |
vt.BehaviourTrait.SELF_DELETE |
vt.BehaviourTrait.SENDS_SMS |
vt.BehaviourTrait.SMTP_COMMUNICATION |
vt.BehaviourTrait.SSH_COMMUNICATION |
vt.BehaviourTrait.SUDO |
vt.BehaviourTrait.SUSPICIOUS_DNS |
vt.BehaviourTrait.SUSPICIOUS_UDP |
vt.BehaviourTrait.TELEPHONY |
vt.BehaviourTrait.TELNET_COMMUNICATION |
vt.BehaviourTrait.TUNNELING |
Behaviour verdicts
vt.BehaviourVerdict.ADWARE |
vt.BehaviourVerdict.BANKER |
vt.BehaviourVerdict.CLEAN |
vt.BehaviourVerdict.EVADER |
vt.BehaviourVerdict.EXPLOIT |
vt.BehaviourVerdict.GREYWARE |
vt.BehaviourVerdict.MALWARE |
vt.BehaviourVerdict.PHISHING |
vt.BehaviourVerdict.RANSOM |
vt.BehaviourVerdict.RAT |
vt.BehaviourVerdict.SPREADER |
vt.BehaviourVerdict.TROJAN |
vt.BehaviourVerdict.UNKNOWN_VERDICT |
File types
Type | Type tags |
---|---|
vt.FileType.ACE | compressed ace |
vt.FileType.ANDROID | executable mobile android apk |
vt.FileType.APPLE | apple apple-gen |
vt.FileType.APPLE_PLIST | apple appleplist |
vt.FileType.APPLEDOUBLE | apple appledouble |
vt.FileType.APPLESINGLE | apple applesingle |
vt.FileType.ARC | compressed arc |
vt.FileType.ARJ | compressed arj |
vt.FileType.ASD | compressed asd |
vt.FileType.ASF | multimedia video asf |
vt.FileType.AVI | multimedia video avi |
vt.FileType.AWK | source awk |
vt.FileType.BMP | multimedia image bmp |
vt.FileType.BZIP | compressed bzip |
vt.FileType.C | source c |
vt.FileType.CAB | compressed cab |
vt.FileType.CAP | internet cap pcap |
vt.FileType.CHM | help chm |
vt.FileType.COFF | executable coff |
vt.FileType.COOKIE | internet iecookie |
vt.FileType.CPP | source cpp |
vt.FileType.CRX | crx chrome extension browser |
vt.FileType.DEB | executable linux deb |
vt.FileType.DIB | multimedia image dib |
vt.FileType.DIVX | multimedia video divx |
vt.FileType.DMG | executable mac dmg |
vt.FileType.DOC | document msoffice text word doc |
vt.FileType.DOCX | document msoffice text word docx |
vt.FileType.DOS_COM | executable dos com |
vt.FileType.DOS_EXE | executable dos mz |
vt.FileType.DYALOG | source dyalog |
vt.FileType.DZIP | compressed dzip |
vt.FileType.EBOOK | document ebook epub |
vt.FileType.ELF | executable linux elf |
vt.FileType.EMAIL | internet email |
vt.FileType.EMF | multimedia image emf |
vt.FileType.EOT | font opentype eof |
vt.FileType.FLAC | multimedia audio flac |
vt.FileType.FLC | multimedia animation flc |
vt.FileType.FLI | multimedia animation fli |
vt.FileType.FLV | multimedia video flv |
vt.FileType.FORTRAN | source fortran |
vt.FileType.FPX | multimedia image fpx |
vt.FileType.GIF | multimedia image gif |
vt.FileType.GIMP | multimedia image gimp |
vt.FileType.GUL | document samsungdoc text gul |
vt.FileType.GZIP | compressed gzip |
vt.FileType.HTML | internet html |
vt.FileType.HWP | document hangul text hwp |
vt.FileType.ICO | multimedia image ico |
vt.FileType.IN_DESIGN | multimedia image indesign |
vt.FileType.IPHONE | executable mobile iphone ios |
vt.FileType.ISOIMAGE | compressed isoimage |
vt.FileType.JAR | compressed jar |
vt.FileType.JAVA | source java |
vt.FileType.JAVA_BYTECODE | executable java-bytecode class |
vt.FileType.JAVASCRIPT | source javascript |
vt.FileType.JNG | multimedia image jng |
vt.FileType.JPEG | multimedia image jpeg jpg |
vt.FileType.KGB | compressed kgb |
vt.FileType.LATEX | document latex |
vt.FileType.LINUX | linux |
vt.FileType.LINUX_KERNEL | linux |
vt.FileType.LNK | windows lnk |
vt.FileType.MACH_O | executable mac macho |
vt.FileType.MACINTOSH | apple macintosh mac macintosh-gen |
vt.FileType.MACINTOSH_HFS | apple macintosh mac machfs |
vt.FileType.MACINTOSH_LIB | apple mac maclib |
vt.FileType.MIDI | multimedia audio midi |
vt.FileType.MOV | multimedia video mov |
vt.FileType.MP3 | multimedia audio mp3 |
vt.FileType.MP4 | multimedia audio mp4 |
vt.FileType.MPEG | multimedia video mpeg |
vt.FileType.MSCOMPRESS | compressed mscompress |
vt.FileType.MSI | installer windows msi |
vt.FileType.NE_DLL | executable windows win16 ne nedll |
vt.FileType.NE_EXE | executable windows win16 ne neexe |
vt.FileType.ODF | document openoffice math odf |
vt.FileType.ODG | document openoffice draw odg |
vt.FileType.ODP | document openoffice presentation odp |
vt.FileType.ODS | document openoffice spreadsheet ods |
vt.FileType.ODT | document openoffice text odt |
vt.FileType.OGG | multimedia video ogg |
vt.FileType.OUTLOOK | internet email outlook |
vt.FileType.PALMOS | executable mobile palmos |
vt.FileType.PASCAL | source pascal |
vt.FileType.PDF | document pdf |
vt.FileType.PE_DLL | executable windows win32 pe pedll |
vt.FileType.PE_EXE | executable windows win32 pe peexe |
vt.FileType.PERL | source perl |
vt.FileType.PHP | source php |
vt.FileType.PKG | executable mac pkg |
vt.FileType.PNG | multimedia image png |
vt.FileType.PPSX | document msoffice presentation powerpoint slideshow ppsx |
vt.FileType.PPT | document msoffice presentation powerpoint ppt |
vt.FileType.PPTX | document msoffice presentation powerpoint pptx |
vt.FileType.PS | document ps postscript |
vt.FileType.PSD | multimedia image photoshop psd |
vt.FileType.PYTHON | source python |
vt.FileType.QUICKTIME | multimedia video quicktime qt |
vt.FileType.RAR | compressed rar |
vt.FileType.RM | multimedia video realmedia rm |
vt.FileType.ROM | rom bios firmware |
vt.FileType.RPM | linux rpm |
vt.FileType.RTF | document msoffice text word rtf |
vt.FileType.RUBY | source ruby |
vt.FileType.RZIP | compressed rzip |
vt.FileType.SCRIPT | script |
vt.FileType.SEVENZIP | compressed 7zip |
vt.FileType.SHELLSCRIPT | script shell |
vt.FileType.SVG | multimedia image svg |
vt.FileType.SWF | internet flash swf |
vt.FileType.SYMBIAN | executable mobile symbian |
vt.FileType.T3GP | multimedia video 3gp |
vt.FileType.TAR | compressed tar |
vt.FileType.TARGA | multimedia image targa |
vt.FileType.TEXT | text |
vt.FileType.TIFF | multimedia image tiff |
vt.FileType.TORRENT | link internet bittorrent |
vt.FileType.TTF | font truetype ttf |
vt.FileType.WAV | multimedia audio wav |
vt.FileType.WINCE | executable mobile wince |
vt.FileType.WMA | multimedia audio wma |
vt.FileType.WMV | multimedia video wmv |
vt.FileType.WOFF | font openfont woff |
vt.FileType.XLS | document msoffice spreadsheet excel xls |
vt.FileType.XLSX | document msoffice spreadsheet excel xlsx |
vt.FileType.XML | internet xml |
vt.FileType.XPI | browser extension firefox xpi |
vt.FileType.XWD | multimedia image xwd |
vt.FileType.ZIP | compressed zip |
vt.FileType.ZLIB | compressed zlib |
Google TI assessment severity types
vt.GtiSeverity.SEVERITY_NONE |
vt.GtiSeverity.SEVERITY_LOW |
vt.GtiSeverity.SEVERITY_MEDIUM |
vt.GtiSeverity.SEVERITY_HIGH |
Google TI assessment verdicts
vt.GtiVerdict.VERDICT_BENIGN |
vt.GtiVerdict.VERDICT_UNDETECTED |
vt.GtiVerdict.VERDICT_SUSPICIOUS |
vt.GtiVerdict.VERDICT_MALICIOUS |
Updated 20 days ago