Category: VirusTotal Blog

Since we made our (extended) vt module available for LiveHunt YARA rules we understand it is not easy for analysts to keep in mind all the new potential possibilities – too many of them! Our goal is to make YARA…

Read more →

We are pleased to share that NICS Lab, a security research group from the Computer Science Department at the University of Malaga, is joining the Crowdsourced AI initiative at VirusTotal. By extending our capabilities using a different AI model for…

Read more →

As we previously discussed, YARA Netloc uncovers a whole new dimension for hunting and monitoring by extending YARA support to network infrastructure. All VirusTotal users have already access to different resources, including templates, a GitHub repository, and the official documentation…

Read more →

We just released a new edition of our “VirusTotal Malware Trends Report” series, where we want to share VirusTotal’s visibility to help researchers, security practitioners and the general public better understand the nature of malicious attacks, this time focusing on…

Read more →

We just released a new edition of our “VirusTotal Malware Trends Report” series, where we want to share VirusTotal’s visibility to help researchers, security practitioners and the general public better understand the nature of malicious attacks, this time focusing on…

Read more →

We are extremely excited to introduce YARA Netloc, a powerful new hunting feature that extends YARA supported entities from traditional files to network infrastructure, including domains, URLs and IP addresses. This opens endless possibilities and brings your hunting to a…

Read more →

We are writing to share information about the recent customer data exposure incident on VirusTotal. We apologize for any concern or confusion this may have caused. On June 29, an employee accidentally uploaded a CSV file to the VirusTotal platform.…

Read more →

We are pleased to announce the launch of Crowdsourced AI, a new initiative from VirusTotal, dedicated to leveraging the power of AI in tandem with community contributions. Spearheading this endeavor, Hispasec brings to the table an AI solution designed to…

Read more →

One of VirusTotal’s biggest strengths is its Hunting capabilities using YARA rules. In addition to matching all files against a big set of crowdsourced YARA rules, it also allows users to create their own detection and classification rules. YARA was…

Read more →

Malware threat hunting is the process of proactively searching for malicious activity. It is a critical part of any organization’s security posture, as it can help to identify and mitigate threats that may have otherwise gone undetected. Sigma rules and…

Read more →

We are excited to announce our integration with DOCGuard for the analysis of Office documents, PDFs and other file types as a behavioral analysis engine.   This document analysis collaboration will allow the community to get the another opinion on the scanned documents. …

Read more →

Photo by Matheus Queiroz on Unsplash In late 2022 we decided to start monitoring PyPI, arguably the most important Python repository, as there were a number of reports on it hosting malware. PyPI took exceptional relevance amongst all repositories as,…

Read more →

Access to RELEVANT threat data is a recurring challenge highlighted by SOCs and CTI teams, at VirusTotal we want to help you understand your unique threat landscape. Indeed, tracking campaigns and threat actors in VirusTotal’s Threat Landscape module should be…

Read more →

We are pleased to announce that VirusTotal has improved the identification of programming languages and file formats through the implementation of Generative AI (artificial intelligence). Historically, automating these tasks has been quite challenging, especially when it comes to certain scripting…

Read more →

Last Monday our colleagues over at Mandiant rolled out Permhash. In their own words, Permhash is an extensible framework to hash the declared permissions applied to Chromium-based browser extensions and APKs allowing for clustering, hunting, and pivoting similar to import…

Read more →

Following the announcement of VirusTotal Code Insight at the RSA Conference 2023, we’ve been thrilled by the overwhelmingly positive response from the cybersecurity community. As enthusiasm grows, we’ve been flooded with inquiries from those keen to discover more about Code…

Read more →

 YARA rules are an essential tool for detecting and classifying malware, and they are one of VirusTotal’s cornerstones. Other than using your own rules for Livehunts and Retrohunts, in VirusTotal we import a number of selected crowdsourced rules provided by…

Read more →

At the RSA Conference 2023 today, we are excited to unveil VirusTotal Code Insight, a cutting-edge feature that leverages artificial intelligence for code analysis. Powered by Google Cloud Security AI Workbench, Code Insight produces natural language summaries of code snippets…

Read more →

Introduction  As recently reported by our Mandiant’s colleagues, APT43 is a threat actor believed to be associated with North Korea. APT43’s main targets include governmental institutions, research groups, think tanks, business services, and the manufacturing sector, with most victims located…

Read more →

 We welcome Deep Instinct to VirusTotal. In their own words: “Deep Instinct is the only prevention-first cybersecurity company with a natively architected deep learning platform. We keep enterprises safe by stopping >99% of threats before other solutions even see them…

Read more →

 We welcome Deep Instinct to VirusTotal. In their own words: “Deep Instinct is the only prevention-first cybersecurity company with a natively architected deep learning platform. We keep enterprises safe by stopping >99% of threats before other solutions even see them…

Read more →

 TL;DR: VT4Splunk, VirusTotal’s official Splunk plugin, correlates your telemetry with VirusTotal context to automate triage, expedite investigations and unearth threats dwelling undetected in your environment. This extends Splunk’s own VirusTotal plugin for their SOAR. Next March 30th we will host…

Read more →

Last week we conducted the second episode of our “Threat Hunting with VirusTotal” open training session, where we covered YARA services at VirusTotal. We focused on practical aspects of YARA rules providing real life examples of infamous malware and historical…

Read more →

We recently conducted our first “Threat Hunting with VirusTotal” open training session, providing some ideas on how to use VT Intelligence to hunt for in-the-wild examples of modern malware and infamous APT campaigns. In case you missed it, here you…

Read more →

The VirusTotal API is a versatile and powerful tool that can be utilized in so many ways. Although it is commonly used for threat intelligence enrichment and threat analysis, the potential uses are virtually limitless. The latest version, VirusTotal API…

Read more →

The VirusTotal API is a versatile and powerful tool that can be utilized in so many ways. Although it is commonly used for threat intelligence enrichment and threat analysis, the potential uses are virtually limitless. The latest version, VirusTotal API…

Read more →

One of our goals is sharing with the security community as much as we learn from VirusTotal’s data to help stop, monitor and mitigate malicious activity. When looking back to 2022 we observe different interesting trends; we decided to go…

Read more →

Any organization’s infrastructure might inadvertently be abused by attackers as part of a malicious campaign. It is therefore important to monitor any suspicious activity. VirusTotal can help you identify these threats and improve your threat detection and protection capabilities. In…

Read more →

Any organization’s infrastructure might inadvertently be abused by attackers as part of a malicious campaign. It is therefore important to monitor any suspicious activity. VirusTotal can help you identify these threats and improve your threat detection and protection capabilities. In…

Read more →

One of our goals is sharing with the security community as much as we learn from VirusTotal’s data to help stop, monitor and mitigate malicious activity. When looking back to 2022 we observe different interesting trends; we decided to go…

Read more →

One of our goals is sharing with the security community as much as we learn from VirusTotal’s data to help stop, monitor and mitigate malicious activity. When looking back to 2022 we observe different interesting trends; we decided to go…

Read more →

VirusTotal, the world’s largest crowdsourced threat intelligence platform, is made possible thanks to a large community of security practitioners and vendors who integrate into our platform their best security tools. We are happy to announce the inclusion of two remarkable…

Read more →

Many of you asked for this, and today we are happy to announce the release of our VTI Cheat Sheet with hints and examples on the most useful VT Intelligence queries and modifiers. Instead of providing a list of already…

Read more →

Many of you asked for this, and today we are happy to announce the release of our VTI Cheat Sheet with hints and examples on the most useful VT Intelligence queries and modifiers. Instead of providing a list of already…

Read more →

We recently conducted our first “Hunting with VirusTotal” open training session, providing some ideas on how to use VT Intelligence to hunt for in-the-wild examples of modern malware and infamous APT campaigns. In case you missed it, here you can…

Read more →

 A few weeks ago we stumbled upon a suspicious Android sample from a tweet from @malwrhunterteam which was only detected by four antivirus engines: Antivirus verdicts didn’t provide specifics about the malware family other than it might be either a…

Read more →

 VirusTotal was born with the idea of community in mind – an ecosystem where everybody contributes and benefits. This helped grow our product around the concept of crowdsourced intelligence, where all the security community could contribute in different ways to…

Read more →

 VirusTotal was born with the idea of community in mind – an ecosystem where everybody contributes and benefits. This helped grow our product around the concept of crowdsourced intelligence, where all the security community could contribute in different ways to…

Read more →

 Continuing our initiative of sharing VirusTotal’s visibility to help researchers, security practitioners and the general public better understand the nature of malicious attacks, we are proud to announce our “Deception at scale: How attackers abuse governmental infrastructure” report. Here are…

Read more →

 Continuing our initiative of sharing VirusTotal’s visibility to help researchers, security practitioners and the general public better understand the nature of malicious attacks, we are proud to announce our “Deception at scale: How attackers abuse governmental infrastructure” report. Here are…

Read more →

Tldr: A recent Mandiant’s blog described a series of targeted attacks over Whatsapp by an APT cluster named UNC4034. We found several additional cases in VirusTotal which we believe with high confidence are related to the same activity set. According…

Read more →

Tl;dr: We created Service Accounts you can use with your Enterprise license to use API keys not bound to any user in particular. The new Service Accounts allow creating virtual VirusTotal accounts not associated with any particular corporate email address.…

Read more →

Last November 2021 we launched VirusTotal Collections as a way of helping organize, share and work with IoCs. Today we are announcing significant improvements that make Collections an actionable tool for strategic intelligence.   As a quick reminder, our original concept…

Read more →

 We welcome Bkav Pro Internet Security AI AV software by Bkav Corporation to VirusTotal. In their own words: “Bkav is a leading technology corporation in Vietnam, which operates in cyber security, software, smartphone, smart home and AI camera. In Vietnam,…

Read more →

 We welcome Bkav Pro Internet Security AI AV software by Bkav Corporation to VirusTotal. In their own words: “Bkav is a leading technology corporation in Vietnam, which operates in cyber security, software, smartphone, smart home and AI camera. In Vietnam,…

Read more →

Last November 2021 we launched VirusTotal Collections as a way of helping organize, share and work with IoCs. Today we are announcing significant improvements that make Collections an actionable tool for strategic intelligence.   As a quick reminder, our original concept…

Read more →

Last November 2021 we launched VirusTotal Collections as a way of helping organize, share and work with IoCs. Today we are announcing significant improvements that make Collections an actionable tool for strategic intelligence.   As a quick reminder, our original concept…

Read more →

CVE-2022-30190 (aka Follina) is a 0-day vulnerability that was disclosed on Twitter last May 27th by the nao_sec Cyber Security Research Team. According to their announcement, this vulnerability was found in (at the time) recently uploaded sample to VirusTotal from…

Read more →

Today, we are happy to announce that in addition to Google’s URL scanning service (Safe Browsing), which has been integrated with VirusTotal, Google is now also providing a file scanning service to the VirusTotal community. In their own words: “Google…

Read more →

Continuing our initiative of sharing VirusTotal’s visibility to help researchers, security practitioners and the general public better understand the nature of malicious attacks, we are proud to announce our “Deception at scale: How malware abuses trust” report.  This time, we…

Read more →

Financial institutions have been a traditional target for all kinds of attacks. We wanted to understand what kind of malware families have been used against them in recent cases and track their evolution. It is not easy, though, having details…

Read more →

This article has been indexed from VirusTotal Blog  TL;DR: We implemented an Autocomplete feature for VirusTotal Intelligence queries  VirusTotal Intelligence is one of the most powerful, flexible and intuitive tools for security researchers around the world. It was designed with…

Read more →

This article has been indexed from VirusTotal Blog Tldr: We upgraded the VirusTotal MISP modules and added new cool relationships. Historically, VirusTotal provides integration to MISP through two modules (corresponding to public and VT Enterprise subscriptions) created and maintained by…

Read more →

This article has been indexed from VirusTotal Blog TL;DR: VirusTotal’s browser extension can now automatically identify IoCs in any website and enrich them with superior context from our crowdsourced threat intelligence corpus, in a single pane of glass fashion. Install…

Read more →

This article has been indexed from VirusTotal Blog TL;DR: VirusTotal’s browser extension can now automatically identify IoCs in any website and enrich them with superior context from our crowdsourced threat intelligence corpus, in a single pane of glass fashion. Install…

Read more →

This article has been indexed from VirusTotal Blog  Good news for all threat hunters! As announced in our latest release notes, the “dotnet” YARA module is already available both for your Livehunt and Retrohunt rules. This module allows inspecting features…

Read more →

This article has been indexed from VirusTotal Blog TL;DR; We are publishing a new version of VirusTotal Graph that, among other things, supports VirusTotal Collections and provides a new filter engine to speed up your investigations. Today we are proud…

Read more →

This article has been indexed from VirusTotal Blog What’s new?  MISP and VT Collections integration. VT Collections allows users to easily share with each other listings of threat campaign, threat actor or malware tookit IoCs. MISP users can now create…

Read more →

This article has been indexed from VirusTotal Blog At VirusTotal we are actively working on expanding integrations with the most popular tools used by the infosec community.  Today we are thrilled to announce tighter integration with MISP through our most…

Read more →

This article has been indexed from VirusTotal Blog With Palo Alto Networks’ Cortex XSOAR as your champion and VirusTotal as the sharpened blade, your SOC will decimate threats and reduce analyst strain. Together, VirusTotal and Cortex XSOAR enable your security…

Read more →

This article has been indexed from VirusTotal Blog VirusTotal welcomes SecneurX to the multi-sandbox project. This new behavioral analysis platform is helping provide additional details on Windows executables, Office documents, and Android APKs. In their own words: SecneurX Advanced Malware…

Read more →

This article has been indexed from VirusTotal Blog CVE-2020-1599 is a vulnerability that can be abused by adding data (that will be later executed) to the signature section of a file, for instance appending a VB script. Unfortunately, Microsoft signature…

Read more →

This article has been indexed from VirusTotal Blog CVE-2020-1599 is a vulnerability that can be abused by adding data (that will be later executed) to the signature section of a file, for instance appending a VB script. Unfortunately, Microsoft signature…

Read more →

This article has been indexed from VirusTotal Blog Since we announced VirusTotal Collections we are really grateful for the warm adoption we received from the VirusTotal community (please remember to help us gather your feedback using the following form). Indeed,…

Read more →

This article has been indexed from VirusTotal Blog We welcome the Vir.IT eXplorer PRO by TG Soft to VirusTotal. In the words of the company: “TG Soft is an Italian cyber-security company. Since 1992, TG Soft has been analyzing computer…

Read more →

This article has been indexed from VirusTotal Blog We welcome the Vir.IT eXplorer PRO by TG Soft to VirusTotal. In the words of the company: “TG Soft is an Italian cyber-security company. Since 1992, TG Soft has been analyzing computer…

Read more →

This article has been indexed from VirusTotal Blog TL;DR: Threat researchers use Pastebin and similar sites to share sets of IoCs among themselves. We believe there is a more actionable and contextualized way to perform this task, enter VirusTotal Collections.…

Read more →

This article has been indexed from VirusTotal Blog Our first “Ransomware in a global context” report offered an overview on how ransomware attacks evolved since 2020, highlighting GanCrab’s supremacy in 2020 and its rebranding as REvil with a different targeting.…

Read more →

This article has been indexed from VirusTotal Blog  Malicious activity comes in all kinds of colors and flavors, sometimes abusing users’ trust by impersonating well known brands to get their private data, install malware or any other form of scam.…

Read more →

This article has been indexed from VirusTotal Blog One of the most usual use cases for integrating Threat Intelligence into your security stack revolves around enriching threat data. This helps incident responders, SOC analysts and threat intel teams properly assess…

Read more →

This article has been indexed from VirusTotal Blog  Today we are excited to announce our VirusTotal MSSP partner program, providing partners a competitive advantage to differentiate and enrich their security offering with world-class crowdsourced intelligence. Before we continue, you can…

Read more →

This article has been indexed from VirusTotal Blog We welcome the new multisandbox integration with Microsoft sysinternals. It was also recently announced on the sysinternals blog as part of their 25th anniversary. This industry collaboration will greatly benefit the entire…

Read more →

This article has been indexed from VirusTotal Blog  Today we are proud to announce our very first VirusTotal Ransomware Activity Report. This initiative is designed to help researchers, security practitioners and the general public better understand the nature of ransomware…

Read more →

This article has been indexed from VirusTotal Blog  360-degrees insights into your assets Many VirusTotal’s users deploy rules to monitor that their assets, including domains, IP ranges and intellectual property are not being abused by any attacker. Today we are…

Read more →

This article has been indexed from VirusTotal Blog by Vicente Diaz (@trompi) from Virustotal, Costin Raiu (@craiu) from Kaspersky and with the kind support of Victor M. Alvarez (@plusvic) from Virustotal Introduction On August 31, 2021 we ran a joint…

Read more →

This article has been indexed from VirusTotal Blog  360-degrees insights into your assets One of the most sought-after use cases in VirusTotal is to find information about how our assets might be being abused. Is there any attacker using our…

Read more →

This article has been indexed from VirusTotal Blog  360-degrees insights into your assets One of the most sought-after use cases in VirusTotal is to find information about how our assets might be being abused. Is there any attacker using our…

Read more →

This article has been indexed from VirusTotal Blog  Providing more context about file provenance and distribution These days many security operations center (SOC) teams are overwhelmed by huge volumes of alerts. Triaging these alerts takes too long, and many are…

Read more →

This article has been indexed from VirusTotal Blog  Providing more context about file provenance and distribution These days many security operations center (SOC) teams are overwhelmed by huge volumes of alerts. Triaging these alerts takes too long, and many are…

Read more →

This article has been indexed from VirusTotal Blog Not all the investigations are tackled the same way. Sometimes from a single sample we need to quickly find as much context as possible. In other situations, we are presented with a…

Read more →

This article has been indexed from VirusTotal Blog Not all the investigations are tackled the same way. Sometimes from a single sample we need to quickly find as much context as possible. In other situations, we are presented with a…

Read more →

This article has been indexed from VirusTotal Blog TL;DR: We are releasing an official, compliant and recommended method for displaying VirusTotal context in 3rd-party products and services, so that end-users can enjoy a single pane of glass experience when working…

Read more →

This article has been indexed from VirusTotal Blog In our previous blog post we started discussing how important it is to have relevant context when doing any investigation and how at VirusTotal, we are working hard to provide as much…

Read more →