Introducing VirusTotal Code Insight: empowering threat analysis with generative AI. This tool is based on Sec-PaLM (LLM) and helps explain the behavior of suspicious scripts. Code Insight is available now for all our users! More details by @bquintero:
Good news, all #IDAPro and #Ghidra fans! Learn everything about VirusTotal's plugins and how to use them in our "When you go fighting malware don't forget your VT plugins" blog post by @gerardofn
"YARA is dead, long live YARA-X!" 🎉
After 15 years, YARA gets a full rewrite in Rust, bringing enhanced performance, security, and user experience.
Dive into the details in the latest blog post by @plusvic:
Many of you asked for this, and today we are happy to announce the release of our VTI Cheat Sheet with hints and examples on the most useful VT Intelligence queries and modifiers. @alexey_firsh provides all details along with several examples here:
Today we announce YARA Netloc, a new feature extending YARA's supported entities from traditional files to network infra, including domains, URLs and IPs. This opens endless possibilities for hunting and monitoring. All details here, by @leximagination:
New VT Academy training for SOC and IR analysts, led by @digihash! Learn how to efficiently and successfully investigate and contextualize any malicious activity. Watch now:
In late 2022 we started monitoring PyPI, the most important Python repository. In a few weeks, we found dozens of suspicious packages. Here is our deep dive into PyPI hosted malware, by @alexey_firsh:
We welcome @Mandiant's CAPA and GoReSym to our malware analysis suite. CAPA provides valuable TTPs, and GoReSym produces all kinds of metadata to analyse Go samples:
Sigma rules are one of the most powerful tools for Threat Hunters. Did you know that (in most cases) you can easily convert Sigma into LiveHunt/RetroHunt YARA rules? Find all the details here, by @karlhiramoto:
We found several samples we believe with high confidence are related to @Mandiant's DreamJob publication. Here is how we hunted them, by @alexey_firsh:
Today we are proud to announce that our "Deception at scale" report is finally out! As an extra bonus, we included in our release post details on how to monitor this malicious activity by yourself. You can download it here:
Today we are happy to introduce VT Augment, our widget to display VirusTotal context in 3rd-party products and services. Check all details in our blog post by @zenitrame
New VT Collections are officially out with *tons* of improvements, including victimology, attribution, OSINT events, auto-generated collections, TTPs, actor cards, and more! Check all details in our blog post:
We hunted for samples exploiting the CVE-2022-30190 (aka Follina) vulnerability. Here is what we learnt, along with ideas to help you hunt/monitor this and similar threats by yourself (by @alexey_firsh):
Good news for the @MISPProject's user community! Now you can export your VT Graph into a MISP event (Download as > MISP Event) including all relationships and (optionally) the VT report for all the indicators.
The definitive guide to monitor any suspicious activity in your infrastructure using VirusTotal (including examples and templates) is here: by @leximagination
We have been analyzing how attackers abuse governmental infrastructure. You can find all details and several recent examples in our brand new report here: by @alexey_firsh, @entdark_, @gerardofn and @trompi
Today we are proud to introduce our brand new VirusTotal Collections! Discover, organise and save IOCs in a comprehensive way to make your research faster, easier and collaborative 🙌. Learn all about it in our blog by @jinfantesd:
Discover how we use Gemini 1.5 Pro to improve malware analysis! Gemini's capability to tackle up to 1 million tokens makes a difference, not only when facing huge macros, but also by providing a way to automate analysis of decompiled code, by @bquintero:
We analyzed how attacks against financial institutions evolved in 2022. Check all details + examples on how you can monitor this activity by yourself here: by @gerardofn
We've been working with @Mandiant's @JWilsonSecurity to add Permhash to VirusTotal, a new way to unearth adversaries' infrastructure and toolkits by leveraging permissions similarity. Details here, by @zenitrame:
For the international book day 📖 the VirusTotal team wants to share with you some reading recommendations. We hope you will enjoy these titles as much as we did! ❤️
Today we launch VirusTotal's Crowdsourced AI, our open initiative for the security community to explore AI's capabilities to improve threat detection and response: by @bquintero
Friendly reminder: Please do not use VT for benchmarking. It's a bad use and, even more importantly, you will be making many implicit errors in the methodology; your results are invalidated by default.
In case you missed our first "Hunting with VirusTotal" training, here you can find the recording, slides, and a very interesting Q&A: by @alexey_firsh. We hope to see you again in the next one!
We are proud sponsors of Camilo Benito, who has just been proclaimed Spanish Champion of Acrobatic Flight in the Advanced 2020 category (btw, he is also a software engineer and manager of the VirusTotal Support team). Congratulations Camilo!
Introducing VirusTotal Connectors: unify threat context from multiple sources and get a comprehensive summary, all in a single place. All details here, by @thetravelr:
Code Insight has been one of our most impactful releases (thanks everyone!), but the VT team didn't stop working hard to improve it. Code Insight now analyses new formats, including BAT, CMD, SH and VBS. Find all details in our Q&A, by @bquintero:
We found samples we suspect are related to @Mandiant's WhatsApp phishing post: ISOs with similar content; OPSEC fails show discrepancies between the volume path (with typo) inside the ISO and the bait name. Please check our VT collection for more details:
Linux & macOS binaries? Covered! Our newest hunting feature allows matching Sigma rules against Linux and macOS samples. Check our new post by @Joseliyo_Jstnk, including pro tips for crafting Livehunt YARA rules based on Sigma:
We are polishing final details! But if you can't wait to know more about VT Alerts (available next September), check "A sneak peek into VT Alerts" by @TomasPica:
Threat intelligence just got easier. Use VirusTotal Threat Landscape to track threat actors & prioritize threats. Our latest blog shows how CTI teams win, by @ralcaz:
Harness TTPs for malware hunting! Our new blog post shows you how to leverage VirusTotal to hunt for ransomware, keyloggers & more, by @leximagination:
Syntax highlighting, auto-complete, templates, testing capabilities ... Our new YARA editor couldn't look better! Check out all the details here, by @leximagination:
We want to introduce our brand new "Known Distributors" attribute for file objects. We hope this will make your life easier, especially when dealing with false positives. Read all you need to know in our blog post by @Mrs_DarkDonado:
Calling all security hunters! 📢
Want to know how to transform a VT Intelligence query into a Livehunt? @Joseliyo_Jstnk provides all the keys, including examples and best practices, in our latest blog post.
Our "Ransomware in a global context" report is finally out! Download it while it's hot and find in our blog post (by Jesus and @gerardofn) tons of wonders to monitor ransom activity.
Don't forget to join us for our upcoming webinars to get all details!
Our friends from @_CPResearch_ published on Zloader abusing CVE-2020-1599 in recent campaigns. Here you can learn how to leverage VirusTotal Intelligence to monitor malware abusing this vulnerability (by @fcojsantos)
How can Threat Intel help when it comes to ransomware? What is the best way to track ransomware campaigns?
Join us for our upcoming anti-ransomware webinar. Register using the links in the thread below 👇👇
Threat actors actively leverage COM object hijacking for persistence and privilege escalation. We identified the most commonly abused COM objects and CLSIDs to help you stay safe, by @Joseliyo_Jstnk:
We've been working hard adding new relationships to help you with your investigations.
Now you can easily find dropped files, email attachments and ITW IPs, among many others.
Check out all our new additions and how to use them in our latest blog post!
Empower your threat hunting with actionable threat intel! 🕵️♀️
Discover how VTI queries based on third-party intel can enhance your understanding of malicious campaigns, streamline threat hunting, and automate threat monitoring, by @Joseliyo_Jstnk:
Crowdsourced Sigma rules play a key role in providing relevant context for your investigations.
Take a look at some ideas on how to use them in our first blog post of the "Context is king" series by @Mrs_DarkDonado and @trompi:
"I did not know you could do X, Y, Z with VirusTotal" TL;DR: VirusTotal is hosting an EMEA webinar on June 4th showcasing our advanced threat enrichment and threat hunting capabilities, register for the webinar, it is free.
We implemented Autocomplete for VT Intelligence queries to help you find the right modifier and save you some valuable time when hunting. Read all details here:
At VirusTotal we ❤️ education!
We are happy to announce that we will be providing access to VTIntelligence to students of the @LaSalleBCN master in Cybersecurity.
At VirusTotal we ❤️ education!
We are very excited to announce our partnership with @SANSInstitute's #SEC530 course, co-authored by @aboutsecurity, providing students access to VTIntelligence to help them make TTPs actionable
Decentralized Domain Name Systems are abused to make malicious infrastructure resilient to takedowns. Thanks to @Mrs_DarkDonado, we now have an "alternative-dns" tag in VT when a domain uses such DNSs. You can read more in @hispasec's una_al_dia (Spanish)
In our new post, "Unmasking Hidden Cyberthreats with Code Insight", @bquintero discusses real-world cases where AI-powered code analysis unveils malware, phishing attempts, and more:
We are proud to partner with @TheSOCAcademy to level up your threat analysis skills. Get more details on this course from its founder, Laura, in our latest blog:
Our latest VirusTotal release notes (week 48, 2021) include: SSO authentication, extended crowdsourced YARA detection and a new relationship for URLs sharing a tracker ID. Check it out here:
Visual investigations are an extremely useful resource for efficient evaluation of incidents. In our latest post by @jinfantesd, discover: 1. how to use VTGraph from scratch, 2. cool examples of investigations, 3. amazing graphs by the community
In 2022 we observed changes in how malware is distributed, rotation in exploitation techniques, and we ranked victimology by industry and country. Check our summary of trends by @gerardofn:
We keep adding more security partners to our Crowdsourced AI effort. We are thrilled to welcome NICS Lab and their AI analysis engine for PowerShell scripts; learn more about it at , by @bquintero
Join @craiu and @trompi for our upcoming webinar next November 22nd to learn about the latest YARA rule writing innovations and how to use YARA effectively to detect and monitor malware.
Register here:
VirusTotal's IoC Stream is here to help you track campaigns and threat actors, letting you manage all related IOCs in a centralized repository for better visibility and ingestion. Find all details here, by @leximagination: