What to submit when verifying Indicators of Compromise (IOC) or file hashes

    • Updated: 28 May 2020
    • Product/Version:
        • Apex One 2019
        • Deep Security 10.0
        • Deep Security 11.0
        • Deep Security 12.0
        • Deep Security 9.6
        • OfficeScan 11.0
        • OfficeScan XG
        • Worry-Free Business Security Services All
        • Worry-Free Business Security Standard 10.0
        • Worry-Free Business Security Standard 9.0
        • Worry-Free Business Security Standard 9.5

Summary

When you receive threat alerts from advisories, security bulletins, or other sources, you may submit a case to Trend Micro. Prepare the necessary information before making this submission.

Details

Refer to these steps as submission guidelines:

  1. Check the hashes if samples are available. These can be acquired through your security admin or by searching through third-party sources.
  2. IOCs may be in the form of:
    • File Hashes: SHA1, SHA256, MD5
    • URLs
    • IP Addresses
    • Domains
  3. Compile the information in a text file or a CSV file. Make sure that:
    • There are no special characters in the hashes.
    • Sections for hashes, URLs, IP addresses, and domains are separate.
  4. Indicate the source of the hashes or advisories. You may attach the corresponding document to the case as reference.
  5. If Trend Micro recognizes the submitted hashes, the detection name will be provided in the results email.
  6. If file hashes / IOCs are not recognized in our database, this can indicate that the file for the corresponding hash is not publicly available or that the sample has not crossed our scanners.
  7. If a hash result needs to be disputed, you may upload the respective sample for further analysis.
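
One way to prepare the text file from steps 2 to 4 is sketched below. This is an added example, not a Trend Micro tool: the function names, the `[Section]` header layout, the `Source:` line, the lower-casing of hashes and the extra "Unrecognized" bucket are assumptions, and the sample indicators are constructed.

```python
import ipaddress
import re

# Hex digest lengths for the hash types the article lists: MD5, SHA1, SHA256.
HASH_LENGTHS = {32, 40, 64}
DOMAIN_RE = re.compile(
    r"^(?=.{1,253}$)([a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z]{2,63}$")
SECTIONS = ["File Hashes", "URLs", "IP Addresses", "Domains", "Unrecognized"]

def classify(raw):
    """Return (section, cleaned_value) for one raw indicator string."""
    token = raw.strip().strip("\"'<>,;")
    if re.match(r"https?://", token, re.I):
        return "URLs", token
    try:
        return "IP Addresses", str(ipaddress.ip_address(token))
    except ValueError:
        pass
    if DOMAIN_RE.match(token.lower()):
        return "Domains", token.lower()
    # Drop every non-alphanumeric character (quotes, dashes, zero-width
    # spaces from copy/paste), then accept only a full-length hex digest.
    bare = re.sub(r"[^0-9A-Za-z]", "", token).lower()
    if len(bare) in HASH_LENGTHS and re.fullmatch(r"[0-9a-f]+", bare):
        return "File Hashes", bare
    return "Unrecognized", token  # left for manual review

def build_submission(raw_lines, source):
    """Build the text-file body: source line, then one section per IOC type."""
    groups = {name: [] for name in SECTIONS}
    for raw in raw_lines:
        if raw.strip():
            section, value = classify(raw)
            if value not in groups[section]:  # drop duplicates
                groups[section].append(value)
    out = ["Source: " + source]
    for name in SECTIONS:
        if groups[name]:
            out += ["", "[%s]" % name] + groups[name]
    return "\n".join(out) + "\n"

# Constructed sample input (not real indicators).
H = "0123456789abcdef"
SAMPLE = ['"' + H * 2 + '",', (H * 2 + H[:8]).upper(), "\u200b" + H * 4,
          "http://malware.example/payload.bin", "192.0.2.10",
          "Bad-Domain.example", H * 2, "sha256:not-a-hash"]

if __name__ == "__main__":
    print(build_submission(SAMPLE, "Example advisory (placeholder)"))
```

Anything that lands under "Unrecognized" should be checked by hand against the original advisory before the file is attached to the case.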

Category: Remove a Malware / Virus
Solution Id: 000253947