Reference
Livehunt vt module reference
This reference provides a detailed list of the various data types that can be matched against when using attributes within the vt module.
- HTTP Methods
- Network Protocols
- Behaviour traits
- Behaviour verdicts
- File types
- Google TI assessment severity types
- Google TI assessment verdicts
HTTP methods
| vt.Http.Method.GET |
| vt.Http.Method.HEAD |
| vt.Http.Method.PATCH |
| vt.Http.Method.POST |
| vt.Http.Method.PUT |
| vt.Http.Method.DELETE |
| vt.Http.Method.TRACE |
| vt.Http.Method.OPTIONS |
| vt.Http.Method.CONNECT |
Network protocols
| vt.Net.Protocol.ICMP |
| vt.Net.Protocol.IGMP |
| vt.Net.Protocol.TCP |
| vt.Net.Protocol.UDP |
| vt.Net.Protocol.ESP |
| vt.Net.Protocol.AH |
| vt.Net.Protocol.L2TP |
| vt.Net.Protoco.SCTP |
Behaviour traits
| vt.BehaviourTrait.BIG_UPSTREAM |
| vt.BehaviourTrait.CHECKS_BIOS |
| vt.BehaviourTrait.CHECKS_CPU_NAME |
| vt.BehaviourTrait.CHECKS_DISK_SPACE |
| vt.BehaviourTrait.CHECKS_GPS |
| vt.BehaviourTrait.CHECKS_HOSTNAME |
| vt.BehaviourTrait.CHECKS_MEMORY_AVAILABLE |
| vt.BehaviourTrait.CHECKS_NETWORK_ADAPTERS |
| vt.BehaviourTrait.CHECKS_PCI_BUS |
| vt.BehaviourTrait.CHECKS_USB_BUS |
| vt.BehaviourTrait.CLIPBOARD |
| vt.BehaviourTrait.CRYPTO |
| vt.BehaviourTrait.DECRYPTS_EXE |
| vt.BehaviourTrait.DETECT_DEBUG_ENVIRONMENT |
| vt.BehaviourTrait.DIRECT_CPU_CLOCK_ACCESS |
| vt.BehaviourTrait.EXECUTES_DROPPED_FILE |
| vt.BehaviourTrait.FTP_COMMUNICATION |
| vt.BehaviourTrait.HOSTS_MODIFIER |
| vt.BehaviourTrait.INSTALLS_BROWSER_EXTENSION |
| vt.BehaviourTrait.IRC_COMMUNICATION |
| vt.BehaviourTrait.LONG_SLEEPS |
| vt.BehaviourTrait.MACRO_ANTI_ANALYSIS |
| vt.BehaviourTrait.MACRO_COPY_FILE |
| vt.BehaviourTrait.MACRO_CREATE_DIR |
| vt.BehaviourTrait.MACRO_CREATE_FILE |
| vt.BehaviourTrait.MACRO_CREATE_OLE |
| vt.BehaviourTrait.MACRO_DOWNLOAD_URL |
| vt.BehaviourTrait.MACRO_ENUM_WINDOWS |
| vt.BehaviourTrait.MACRO_ENVIRON |
| vt.BehaviourTrait.MACRO_HANDLE_FILE |
| vt.BehaviourTrait.MACRO_HIDE_APP |
| vt.BehaviourTrait.MACRO_OPEN_FILE |
| vt.BehaviourTrait.MACRO_POWERSHELL |
| vt.BehaviourTrait.MACRO_REGISTRY |
| vt.BehaviourTrait.MACRO_RUN_DLL |
| vt.BehaviourTrait.MACRO_RUN_FILE |
| vt.BehaviourTrait.MACRO_SAVE_WORKBOOK |
| vt.BehaviourTrait.MACRO_SEND_KEYS |
| vt.BehaviourTrait.MACRO_WRITE_FILE |
| vt.BehaviourTrait.MYSQL_COMMUNICATION |
| vt.BehaviourTrait.OBFUSCATED |
| vt.BehaviourTrait.PASSWORD_DIALOG |
| vt.BehaviourTrait.PERSISTENCE |
| vt.BehaviourTrait.REFLECTION |
| vt.BehaviourTrait.RUNTIME_MODULES |
| vt.BehaviourTrait.SELF_DELETE |
| vt.BehaviourTrait.SENDS_SMS |
| vt.BehaviourTrait.SMTP_COMMUNICATION |
| vt.BehaviourTrait.SSH_COMMUNICATION |
| vt.BehaviourTrait.SUDO |
| vt.BehaviourTrait.SUSPICIOUS_DNS |
| vt.BehaviourTrait.SUSPICIOUS_UDP |
| vt.BehaviourTrait.TELEPHONY |
| vt.BehaviourTrait.TELNET_COMMUNICATION |
| vt.BehaviourTrait.TUNNELING |
Behaviour verdicts
| vt.BehaviourVerdict.ADWARE |
| vt.BehaviourVerdict.BANKER |
| vt.BehaviourVerdict.CLEAN |
| vt.BehaviourVerdict.EVADER |
| vt.BehaviourVerdict.EXPLOIT |
| vt.BehaviourVerdict.GREYWARE |
| vt.BehaviourVerdict.MALWARE |
| vt.BehaviourVerdict.PHISHING |
| vt.BehaviourVerdict.RANSOM |
| vt.BehaviourVerdict.RAT |
| vt.BehaviourVerdict.SPREADER |
| vt.BehaviourVerdict.TROJAN |
| vt.BehaviourVerdict.UNKNOWN_VERDICT |
File types
| Type | Type tags |
|---|---|
| vt.FileType.ACE | compressed ace |
| vt.FileType.ANDROID | executable mobile android apk |
| vt.FileType.APPLE | apple apple-gen |
| vt.FileType.APPLE_PLIST | apple appleplist |
| vt.FileType.APPLEDOUBLE | apple appledouble |
| vt.FileType.APPLESINGLE | apple applesingle |
| vt.FileType.ARC | compressed arc |
| vt.FileType.ARJ | compressed arj |
| vt.FileType.ASD | compressed asd |
| vt.FileType.ASF | multimedia video asf |
| vt.FileType.AVI | multimedia video avi |
| vt.FileType.AWK | source awk |
| vt.FileType.BMP | multimedia image bmp |
| vt.FileType.BZIP | compressed bzip |
| vt.FileType.C | source c |
| vt.FileType.CAB | compressed cab |
| vt.FileType.CAP | internet cap pcap |
| vt.FileType.CHM | help chm |
| vt.FileType.COFF | executable coff |
| vt.FileType.COOKIE | internet iecookie |
| vt.FileType.CPP | source cpp |
| vt.FileType.CRX | crx chrome extension browser |
| vt.FileType.DEB | executable linux deb |
| vt.FileType.DIB | multimedia image dib |
| vt.FileType.DIVX | multimedia video divx |
| vt.FileType.DMG | executable mac dmg |
| vt.FileType.DOC | document msoffice text word doc |
| vt.FileType.DOCX | document msoffice text word docx |
| vt.FileType.DOS_COM | executable dos com |
| vt.FileType.DOS_EXE | executable dos mz |
| vt.FileType.DYALOG | source dyalog |
| vt.FileType.DZIP | compressed dzip |
| vt.FileType.EBOOK | document ebook epub |
| vt.FileType.ELF | executable linux elf |
| vt.FileType.EMAIL | internet email |
| vt.FileType.EMF | multimedia image emf |
| vt.FileType.EOT | font opentype eof |
| vt.FileType.FLAC | multimedia audio flac |
| vt.FileType.FLC | multimedia animation flc |
| vt.FileType.FLI | multimedia animation fli |
| vt.FileType.FLV | multimedia video flv |
| vt.FileType.FORTRAN | source fortran |
| vt.FileType.FPX | multimedia image fpx |
| vt.FileType.GIF | multimedia image gif |
| vt.FileType.GIMP | multimedia image gimp |
| vt.FileType.GUL | document samsungdoc text gul |
| vt.FileType.GZIP | compressed gzip |
| vt.FileType.HTML | internet html |
| vt.FileType.HWP | document hangul text hwp |
| vt.FileType.ICO | multimedia image ico |
| vt.FileType.IN_DESIGN | multimedia image indesign |
| vt.FileType.IPHONE | executable mobile iphone ios |
| vt.FileType.ISOIMAGE | compressed isoimage |
| vt.FileType.JAR | compressed jar |
| vt.FileType.JAVA | source java |
| vt.FileType.JAVA_BYTECODE | executable java-bytecode class |
| vt.FileType.JAVASCRIPT | source javascript |
| vt.FileType.JNG | multimedia image jng |
| vt.FileType.JPEG | multimedia image jpeg jpg |
| vt.FileType.KGB | compressed kgb |
| vt.FileType.LATEX | document latex |
| vt.FileType.LINUX | linux |
| vt.FileType.LINUX_KERNEL | linux |
| vt.FileType.LNK | windows lnk |
| vt.FileType.MACH_O | executable mac macho |
| vt.FileType.MACINTOSH | apple macintosh mac macintosh-gen |
| vt.FileType.MACINTOSH_HFS | apple macintosh mac machfs |
| vt.FileType.MACINTOSH_LIB | apple mac maclib |
| vt.FileType.MIDI | multimedia audio midi |
| vt.FileType.MOV | multimedia video mov |
| vt.FileType.MP3 | multimedia audio mp3 |
| vt.FileType.MP4 | multimedia audio mp4 |
| vt.FileType.MPEG | multimedia video mpeg |
| vt.FileType.MSCOMPRESS | compressed mscompress |
| vt.FileType.MSI | installer windows msi |
| vt.FileType.NE_DLL | executable windows win16 ne nedll |
| vt.FileType.NE_EXE | executable windows win16 ne neexe |
| vt.FileType.ODF | document openoffice math odf |
| vt.FileType.ODG | document openoffice draw odg |
| vt.FileType.ODP | document openoffice presentation odp |
| vt.FileType.ODS | document openoffice spreadsheet ods |
| vt.FileType.ODT | document openoffice text odt |
| vt.FileType.OGG | multimedia video ogg |
| vt.FileType.OUTLOOK | internet email outlook |
| vt.FileType.PALMOS | executable mobile palmos |
| vt.FileType.PASCAL | source pascal |
| vt.FileType.PDF | document pdf |
| vt.FileType.PE_DLL | executable windows win32 pe pedll |
| vt.FileType.PE_EXE | executable windows win32 pe peexe |
| vt.FileType.PERL | source perl |
| vt.FileType.PHP | source php |
| vt.FileType.PKG | executable mac pkg |
| vt.FileType.PNG | multimedia image png |
| vt.FileType.PPSX | document msoffice presentation powerpoint slideshow ppsx |
| vt.FileType.PPT | document msoffice presentation powerpoint ppt |
| vt.FileType.PPTX | document msoffice presentation powerpoint pptx |
| vt.FileType.PS | document ps postscript |
| vt.FileType.PSD | multimedia image photoshop psd |
| vt.FileType.PYTHON | source python |
| vt.FileType.QUICKTIME | multimedia video quicktime qt |
| vt.FileType.RAR | compressed rar |
| vt.FileType.RM | multimedia video realmedia rm |
| vt.FileType.ROM | rom bios firmware |
| vt.FileType.RPM | linux rpm |
| vt.FileType.RTF | document msoffice text word rtf |
| vt.FileType.RUBY | source ruby |
| vt.FileType.RZIP | compressed rzip |
| vt.FileType.SCRIPT | script |
| vt.FileType.SEVENZIP | compressed 7zip |
| vt.FileType.SHELLSCRIPT | script shell |
| vt.FileType.SVG | multimedia image svg |
| vt.FileType.SWF | internet flash swf |
| vt.FileType.SYMBIAN | executable mobile symbian |
| vt.FileType.T3GP | multimedia video 3gp |
| vt.FileType.TAR | compressed tar |
| vt.FileType.TARGA | multimedia image targa |
| vt.FileType.TEXT | text |
| vt.FileType.TIFF | multimedia image tiff |
| vt.FileType.TORRENT | link internet bittorrent |
| vt.FileType.TTF | font truetype ttf |
| vt.FileType.WAV | multimedia audio wav |
| vt.FileType.WINCE | executable mobile wince |
| vt.FileType.WMA | multimedia audio wma |
| vt.FileType.WMV | multimedia video wmv |
| vt.FileType.WOFF | font openfont woff |
| vt.FileType.XLS | document msoffice spreadsheet excel xls |
| vt.FileType.XLSX | document msoffice spreadsheet excel xlsx |
| vt.FileType.XML | internet xml |
| vt.FileType.XPI | browser extension firefox xpi |
| vt.FileType.XWD | multimedia image xwd |
| vt.FileType.ZIP | compressed zip |
| vt.FileType.ZLIB | compressed zlib |
Google TI assessment severity types
| vt.GtiSeverity.SEVERITY_NONE |
| vt.GtiSeverity.SEVERITY_LOW |
| vt.GtiSeverity.SEVERITY_MEDIUM |
| vt.GtiSeverity.SEVERITY_HIGH |
Google TI assessment verdicts
| vt.GtiVerdict.VERDICT_BENIGN |
| vt.GtiVerdict.VERDICT_UNDETECTED |
| vt.GtiVerdict.VERDICT_SUSPICIOUS |
| vt.GtiVerdict.VERDICT_MALICIOUS |
Updated 29 days ago