This Google Threat Intelligence search query is designed to identify files submitted from specific countries, along with community feedback indicating the presence of a Ransom note, which strongly suggests a potential victim from that country and is sharing that intelligence.
submitter:DE comment:"SUSP_RANSOM_Note"
Query Breakdown: The search looks for files submitted from the specified country along with specific tag/comment from the human analyst that submitted the file, which indicates the file is a suspected Ransomware Note.
Summary of Intent: The overall goal of this search is to identify files submitted from a specific region of the globe, where the human analyst has added a comment and tag manually indicating this is related to a Ransom Note.
The search looks for:
- Submissions From a Regional Area: This query looks for submissions from a specific region, which may indicate that a victim of this ransomware was targeted in that country.
Comments and Tags for Ransom Note: This also looks for the tag and comment that this is related to a potential ransom note or letter from threat actors to the victim.
Author’s Note & Citation: The above Info-graphics are provided by both the VirusTotal team along with the use of NotebookLM for the summary graphic. Additional analysis and details of this search query written by myself but in the style of