Category: VirusTotal Blog

VirusTotal Multisandbox += Microsoft Sysinternals

This article has been indexed from VirusTotal Blog. We welcome the new multisandbox integration with Microsoft Sysinternals. It was also recently announced on the Sysinternals blog as part of their 25th anniversary. This industry collaboration will greatly benefit the entire…

Ransomware in a global context

Today we are proud to announce our very first VirusTotal Ransomware Activity Report. This initiative is designed to help researchers, security practitioners and the general public better understand the nature of ransomware…

Introducing VT Alerts

360-degree insights into your assets. Many VirusTotal users deploy rules to monitor that their assets, including domains, IP ranges and intellectual property, are not being abused by any attacker. Today we are…

Applied Yara training – Q&A

By Vicente Diaz (@trompi) from VirusTotal, Costin Raiu (@craiu) from Kaspersky and with the kind support of Victor M. Alvarez (@plusvic) from VirusTotal. Introduction: On August 31, 2021 we ran a joint…

A Sneak Peek into VT Alerts

360-degree insights into your assets. One of the most sought-after use cases in VirusTotal is to find information about how our assets might be being abused. Is there any attacker using our…

Introducing ‘Known Distributors’

Providing more context about file provenance and distribution. These days many security operations center (SOC) teams are overwhelmed by huge volumes of alerts. Triaging these alerts takes too long, and many are…

Having the right tool for the job

Not all investigations are tackled the same way. Sometimes from a single sample we need to quickly find as much context as possible. In other situations, we are presented with a…

Leveraging adversarial data for security control validation

Read the original article: Leveraging adversarial data for security control validation. Nowadays defenders have at their disposal a big amount of data describing how attackers proceed in their malicious campaigns, including TTPs (Techniques, Tactics and Procedures) and artefacts used. Threat…

VirusTotal Multisandbox += Sangfor ZSand

The VirusTotal multisandbox project welcomes Sangfor ZSand. ZSand currently focuses on PE files, with extensions to other popular file types like JavaScript and Microsoft Office to be released soon. In their own…

VirusTotal += BitDefender Falx

We welcome the BitDefender Falx scanner to VirusTotal. This engine is specialized in Android and reinforces the participation of Bitdefender, which already had two engines in our service, their multi-platform scanner (BitDefender)…

Using similarity to expand context and map out threat campaigns

TL;DR: VirusTotal allows you to search for similar files according to different orthogonal notions (structure, visual layout, icons, execution behaviour, etc.). File similarity can be combined…

Why is similarity so relevant when investigating attacks

The concept of similarity is pretty straightforward: are two files similar? There are many ways to figure it out. That’s why different similarity algorithms exist. Now, why is…

Keep your friends close; keep ransomware closer

“How to avoid being a ransomware victim?” is one of the main questions every single company and organization asks themselves every day. Unfortunately there is no silver bullet against…

VirusTotal += Gridinsoft

We welcome the Gridinsoft engine to VirusTotal. In the words of the company: “Gridinsoft provides an autonomous multi-layered malware detection engine based on a powerful malware-analyzing laboratory. We combine the most relevant file…

Tracing fresh Ryuk campaigns itw

Ryuk is one of the most dangerous ransomware families. It is (allegedly) run by a specialized cybercrime actor that during the last 2 years has mainly focused on targeting enterprise environments. The…

VirusTotal += Cynet

We welcome the Cynet engine to VirusTotal. In the words of the company: “Cynet 360 is an autonomous breach protection platform that includes multi-layered anti-malware capabilities including AI-based static analysis, process behavior…

I did not know you could do X, Y, Z with VirusTotal

TL;DR: VirusTotal is hosting an EMEA webinar on June 4th showcasing our advanced threat enrichment and threat hunting capabilities; register for the webinar, it…

Official VirusTotal Plugin for IDA Pro 7

ATTENTION: In order to use the content search functionality you will need to have access to VT Intelligence. If you want to jump straight ahead and install the plugin,…

VirusTotal MultiSandbox += QiAnXin RedDrip

VirusTotal would like to welcome QiAnXin RedDrip to the multi-sandbox project! QiAnXin is now sending execution behavior reports to the VirusTotal ecosystem for a wide variety of file types. In their…

Uncovering threat infrastructure via URL, domain and IP address advanced pivots a.k.a. Netloc Intelligence

Quick links:
https://support.virustotal.com/hc/en-us/articles/360001387057
https://developers.virustotal.com/v3.0/reference#intelligence-search
https://github.com/VirusTotal/vt-py

Ten years ago, VirusTotal launched VT Intelligence, a critical component of VT Enterprise which offers users the capability to search…

VirusTotal MultiSandbox += BitDam ATP

VirusTotal would like to welcome BitDam to the multi-sandbox project! In their own words: BitDam Advanced Threat Protection (ATP) is a cloud-based engine that proactively detects threats, pre-delivery, preventing hardware and logical exploits, ransomware, spear-phishing and zero-day attacks contained in…

VirusTotal Graph++

Just 2 years ago we launched the first version of VirusTotal Graph. The goal was to provide a tool which understands the relationship between files, URLs, domains and IP addresses, and an easy interface to pivot and navigate over them.…