- 16 May 2023
- 1 Minute to read
Search scanned data for ssdeep hashes
ssdeep hashes are calculated using an algorithm that generates a fingerprint or hash value based on the content of a file. Unlike traditional cryptographic hashes, which generate a fixed-length hash value based on the entire file (so that changing a single byte produces a completely different hash), ssdeep hashes generate a variable-length hash value based on subsets of the file's content. This allows ssdeep hashes to identify files that are similar or identical, even if they have been modified or manipulated in some way.

Malicious actors often use techniques such as file obfuscation or packing to make it difficult to detect and analyze their malware. However, ssdeep hashes can be used to pinpoint similar or identical versions of the same malware, even if the file has been disguised in some way.

Security teams can use ssdeep hashes to identify and track different versions of the same malware, as well as to identify similar or related malware strains, and can use comparative datasets to better understand the tactics and infrastructure used by malicious actors.
1. Navigate to Advanced Query Builder > Xperimental Queries > ssdeep find similair
2. Specify an ssdeep hash
3. (Optional) Specify a minimum hash similarity cutoff
4. (Optional) Choose to limit the set of returned results
5. (Optional) Choose to skip a specified number of results
6. Click Search
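The following example is added to this page and is not Silent Push's or ssdeep's own code. It is a simplified, dependency-free re-implementation of the rules ssdeep uses to compare two fuzzy hashes (block sizes must be equal or a factor of two apart, the two signatures must share a 7-character substring, and a weighted edit distance is scaled to a 0-100 score), followed by the cutoff, limit and skip filtering that the query steps above expose. All hashes in it are constructed sample values, not real malware fingerprints, and the function names are assumptions.

```python
# Added, self-contained example: simplified ssdeep comparison plus the
# cutoff / limit / skip filtering of a "find similar" query.
# Sample hashes are constructed; this is not Silent Push's or ssdeep's code.

SPAMSUM_LENGTH = 64   # maximum ssdeep signature length
MIN_BLOCKSIZE = 3     # smallest block size ssdeep emits
ROLLING_WINDOW = 7    # ssdeep will not score signatures with no 7-char overlap


def parse_ssdeep(fuzzy_hash):
    """Split 'blocksize:sig1:sig2' into (int, str, str); reject malformed input."""
    parts = fuzzy_hash.strip().split(":")
    if len(parts) != 3 or not parts[0].isdigit():
        raise ValueError(f"malformed ssdeep hash: {fuzzy_hash!r}")
    block_size = int(parts[0])
    if block_size < MIN_BLOCKSIZE:
        raise ValueError(f"block size {block_size} below minimum {MIN_BLOCKSIZE}")
    return block_size, parts[1], parts[2]


def _squash_runs(sig):
    """Collapse runs of one character longer than 3, as ssdeep does before scoring."""
    out = []
    for ch in sig:
        if len(out) >= 3 and out[-1] == out[-2] == out[-3] == ch:
            continue
        out.append(ch)
    return "".join(out)


def _has_common_substring(s1, s2, n=ROLLING_WINDOW):
    """True when the two signatures share any n-character substring."""
    grams = {s1[i:i + n] for i in range(len(s1) - n + 1)}
    return any(s2[i:i + n] in grams for i in range(len(s2) - n + 1))


def _edit_distance(s1, s2):
    """Insert/delete cost 1, substitution cost 2 (modelled on ssdeep's edit_distn)."""
    prev = list(range(len(s2) + 1))
    for i, c1 in enumerate(s1, 1):
        cur = [i]
        for j, c2 in enumerate(s2, 1):
            sub = prev[j - 1] + (0 if c1 == c2 else 2)
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, sub))
        prev = cur
    return prev[-1]


def _score_strings(s1, s2, block_size):
    """Scale the edit distance between two signature chunks to a 0-100 similarity."""
    if not _has_common_substring(s1, s2):
        return 0
    score = _edit_distance(s1, s2) * SPAMSUM_LENGTH // (len(s1) + len(s2))
    score = 100 - (100 * score // SPAMSUM_LENGTH)
    cap = block_size // MIN_BLOCKSIZE * min(len(s1), len(s2))  # short-signature guard
    return min(score, cap)


def compare_ssdeep(h1, h2):
    """Return 0-100 similarity; 0 when block sizes are neither equal nor 2x apart."""
    bs1, a1, b1 = parse_ssdeep(h1)
    bs2, a2, b2 = parse_ssdeep(h2)
    a1, b1, a2, b2 = map(_squash_runs, (a1, b1, a2, b2))
    if bs1 == bs2:
        if a1 == a2 and b1 == b2:
            return 100
        return max(_score_strings(a1, a2, bs1), _score_strings(b1, b2, bs1 * 2))
    if bs1 == bs2 * 2:          # h1's first chunk lines up with h2's second chunk
        return _score_strings(a1, b2, bs1)
    if bs2 == bs1 * 2:          # h1's second chunk lines up with h2's first chunk
        return _score_strings(b1, a2, bs2)
    return 0


def find_similar(query_hash, hashes, cutoff=0, limit=None, skip=0):
    """Score every stored hash against the query, keep those at or above the
    cutoff, sort best-first, then apply skip and limit like the query options."""
    scored = [(name, compare_ssdeep(query_hash, h)) for name, h in hashes.items()]
    kept = sorted((x for x in scored if x[1] >= cutoff), key=lambda x: (-x[1], x[0]))
    page = kept[skip:]
    return page[:limit] if limit is not None else page


# Constructed sample data (block sizes are powers of two times 3, as ssdeep emits).
QUERY_HASH = "96:abcdefghijklmnopqrstuvwxyz:ABCDEFGHIJKLMNOP"
SAMPLE_HASHES = {
    "sample-identical": "96:abcdefghijklmnopqrstuvwxyz:ABCDEFGHIJKLMNOP",
    "sample-repacked":  "96:abcdefghijklmnopqrstuvwXYZ:ABCDEFGHIJKLMNop",  # a few chunks differ
    "sample-doubled":   "192:ABCDEFGHIJKLMNOPQR:QRSTUVWXYZ",              # 2x block size, cross-chunk match
    "sample-unrelated": "96:0123456789abcdef:QRSTUVWX",                    # no 7-char overlap
    "sample-wrongsize": "24:abcdefg:hijklmn",                             # incompatible block size
}

if __name__ == "__main__":
    # cutoff=50, skip the best match, return at most two more
    for name, score in find_similar(QUERY_HASH, SAMPLE_HASHES, cutoff=50, limit=2, skip=1):
        print(f"{score:3d}  {name}")
```

Two points worth noticing when tuning the cutoff: an unrelated file scores exactly 0 rather than "low", because ssdeep refuses to score signatures with no 7-character overlap, and a file whose block size is neither equal to nor double the query's also scores 0 regardless of content, so a very different file size can hide an otherwise related sample.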
Saving queries

Organizational users are able to save individual queries run from Advanced Query Builder, and store them in the Private Queries menu for future analysis, or to share with their organization.

1. Specify the query parameters
2. Click Save Query
3. Give your query a Name
4. Specify a Description to add more context
5. Click Save