VirusTotal Now Supports Trend Micro ELF Hash


Thread author
Staff Member
Malware Hunter
Jul 27, 2015
Internet of Things (IoT) malware researchers are familiar with the struggle of pivoting from a particular malware sample to another. IoT malware samples are tricky to handle and categorize, as they are usually compiled for multiple architectures. Also, there is a lack of tools and techniques to investigate these types of files.

To help IoT and Linux malware researchers in general to investigate attacks containing Executable and Linkable Format (ELF) files, we created Trend Micro ELF Hash (aka telfhash). Telfhash is an open-source clustering algorithm that helps effectively cluster Linux IoT malware samples. Simply put, it can be understood as a concept similar to import hashing (aka ImpHash) for ELF files, although there are some crucial differences between telfhash and a symbol table hash.
As it deals with ELF files, telfhash is beneficial for IoT research and beyond; this clustering algorithm can also be used for any Linux-related malware research such as analysis for some attacks concerning Docker containers, Windows Subsystem for Linux (WSL), cryptominer, rootkits, and many more. It can also be especially helpful in cases where variants of malware become cross-platform threats.

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.