Channel: VirusTotal Blog
Browsing latest articles
Browse All 125 View Live


Threat hunting converting SIGMA to YARA

Malware threat hunting is the process of proactively searching for malicious activity. It is a critical part of any organization's security posture, as it can help to identify and mitigate threats that...


Actionable Threat Intel (III) - Introducing the definitive YARA editor

One of VirusTotal's biggest strengths is its Hunting capabilities using YARA rules. In addition to matching all files against a big set of crowdsourced YARA rules, it also allows users to create their...


VirusTotal += Crowdsourced AI

We are pleased to announce the launch of Crowdsourced AI, a new initiative from VirusTotal, dedicated to leveraging the power of AI in tandem with community contributions. Spearheading this endeavor,...


Apology and Update on Recent Accidental Data Exposure

We are writing to share information about the recent customer data exposure incident on VirusTotal. We apologize for any concern or confusion this may have caused. On June 29, an employee accidentally...


Actionable Threat Intel (IV) - YARA beyond files: extending rules to network...

We are extremely excited to introduce YARA Netloc, a powerful new hunting feature that extends YARA supported entities from traditional files to network infrastructure, including domains, URLs and IP...


VirusTotal Malware Trends Report: Emerging Formats and Delivery Techniques

We just released a new edition of our “VirusTotal Malware Trends Report” series, where we want to share VirusTotal’s visibility to help researchers, security practitioners and the general public better...


Actionable Threat Intel (V) - Autogenerated Livehunt rules for IoC tracking

As we previously discussed, YARA Netloc uncovers a whole new dimension for hunting and monitoring by extending YARA support to network infrastructure. All VirusTotal users already have access to...


Crowdsourced AI += NICS Lab

We are pleased to share that NICS Lab, a security research group from the Computer Science Department at the University of Malaga, is joining the Crowdsourced AI initiative at VirusTotal. By extending...


It's all about the structure! Creating YARA rules by clicking

Since we made our (extended) vt module available for LiveHunt YARA rules we understand it is not easy for analysts to keep in mind all the new potential possibilities - too many of them! Our goal is to...


The path from VT Intelligence queries to VT Livehunt rules: A CTI analyst...

This post will explain the process you can follow to create a VT Livehunt rule from a VT Intelligence query, something typical in threat hunting and threat intelligence operations. Let’s assume that,...


Unifying threat context with VirusTotal connectors

In an age where cyber threats continue to grow in sophistication and frequency, the pursuit of a unified threat contextualization platform is no longer a mere convenience but an absolute necessity....


The definitive VirusTotal’s admin guide

Check out our Walkthrough guide for VirusTotal group administrators! VirusTotal administrators’ tasks are key for the good health of the groups they manage. Unfortunately it is not always clear the...


Actionable Threat Intel (VI) - A day in a Threat Hunter's life

Kaspersky's CTI analysts recently released their Asian APT groups report, including details on behavior by different adversaries. Following our series on making third-party intelligence actionable...


How AI is shaping malware analysis

We just released our “Empowering Defenders: How AI is shaping malware analysis” report, where we want to share VirusTotal’s visibility to help researchers, security practitioners and the general public...


VTMondays

Welcome to VTMondays! A weekly series of bite-sized educational pills exploring the use of VirusTotal in real-world scenarios. Here's what you'll get: Short lessons: VTMondays are packed with valuable...



Protecting the perimeter with VT Intelligence - Email security

Please note that this blogpost is part of our #VTMondays series, check out our collection of past publications here. One of the most common attack vectors to gain access to your network is through...


Protecting the perimeter with VT Intelligence - malicious URLs

Please note that this blogpost is part of our #VTMondays series, check out our collection of past publications here. One of the main attack vectors attackers use for credential theft and malware...


Sigma rules for Linux and MacOS

TLDR: VT Crowdsourced Sigma rules will now also match suspicious activity for macOS and Linux binaries, in addition to Windows. We recently discussed how to maximize the value of Sigma rules by easily...


Hunting for malicious domains with VT Intelligence

Please note that this blogpost is part of our #VTMondays series, check out our collection of past publications here. Many cyberattacks begin by victims visiting compromised websites that host malware or...


Monitoring malware trends with VT Intelligence

Please note that this blogpost is part of our #VTMondays series, check out our collection of past publications here. VT Intelligence can be a powerful tool for monitoring malware trends, enhancing your...


Uncovering Hidden Threats with VirusTotal Code Insight

In the constantly changing world of cybersecurity, generative AI is becoming an increasingly valuable tool. This blog post shows various examples that elude traditional detection engines yet are...


VT Livehunt Cheat Sheet

Today we are happy to announce the release of our “Livehunt Cheat Sheet”, a guide to help you quickly implement monitoring rules in Livehunt. You can find the PDF version here. VirusTotal Livehunt is a...


Following MITRE's footsteps in analyzing malware behavior

The MITRE framework helps all defenders speak the same language regarding attackers' modus operandi. VirusTotal provides multiple data points where MITRE's Tactics and Techniques are dynamically...


COM Objects Hijacking

The COM Hijacking technique is often utilized by threat actors and various malware families to achieve both persistence and privilege escalation in target systems. It relies on manipulating Component...


Know your enemies: An approach for CTI teams

VirusTotal’s Threat Landscape can be a valuable source of operational and tactical threat intelligence for CTI teams, for instance helping us find the latest malware trends used by a given Threat...
