Collaborate Disseminate
We are writing to share information about the recent customer data exposure incident on VirusTotal. We apologize for any concern or confusion this may have caused.On June 29, an employee accidentally uploaded a CSV file to the VirusTotal platform. This… Continue reading Apology and Update on Recent Accidental Data Exposure
Last Monday our colleagues over at Mandiant rolled out Permhash. In their own words, Permhash is an extensible framework to hash the declared permissions applied to Chromium-based browser extensions and APKs allowing for clustering, hunting, and pivoti… Continue reading VirusTotal += Mandiant Permhash: Unearthing adversary infrastructure and toolkits by leveraging permissions similarity
TL;DR: VirusTotal’s browser extension can now automatically identify IoCs in any website and enrich them with superior context from our crowdsourced threat intelligence corpus, in a single pane of glass fashion. Install in Chrome | Install in Firefox |… Continue reading VT4Browsers++ Any indicator, every detail, anywhere
TL;DR: We are releasing an official, compliant and recommended method for displaying VirusTotal context in 3rd-party products and services, so that end-users can enjoy a single pane of glass experience when working with their tools of choice. Read the … Continue reading Compliant, easy and actionable integration of VirusTotal in 3rd-party products – Welcome VT Augment
TL;DR: VirusTotal allows you to search for similar files according to different orthogonal notions (structure, visual layout, icons, execution behaviour, etc.). File similarity can be combined with the “have:” search modifier in order to gain more cont… Continue reading Using similarity to expand context and map out threat campaigns
TL;DR: VirusTotal is hosting an APJ webinar on August 27th showcasing our advanced threat enrichment and threat hunting capabilities, register for the webinar, it is free.Following the EMEA webinar that we recently conducted (watch on demand if you mis… Continue reading Learn how malware operates so you can defend yourself against it
TL;DR: VirusTotal is hosting an EMEA webinar on June 4th showcasing our advanced threat enrichment and threat hunting capabilities, register for the webinar, it is free.“I did not know you could do X, Y, Z with VirusTotal”, this is the most common feed… Continue reading I did not know you could do X, Y, Z with VirusTotal
Quick links:https://support.virustotal.com/hc/en-us/articles/360001387057https://developers.virustotal.com/v3.0/reference#intelligence-searchhttps://github.com/VirusTotal/vt-pyTen years ago, VirusTotal launched VT Intelligence; a critical component of … Continue reading Uncovering threat infrastructure via URL, domain and IP address advanced pivots a.k.a. Netloc Intelligence
TL;DR: VirusTotal APIv3 includes an endpoint to retrieve all the dynamic analysis reports for a given file. This article showcases programmatic retrieval of sandbox behaviour reports in order to produce indicators of compromise that you can use to pow… Continue reading Pipelining VT Intelligence searches and sandbox report lookups via APIv3 to automatically generate indicators of compromise
The rising tide of malware threats has created an arms race in security tool accumulation, this has led to alarm fatigue in terms of noisy alerts and false positives. The last thing you need is more false alarms coming from buggy or suboptimal YARA rul… Continue reading Test your YARA rules against a collection of goodware before releasing them in production