Know your enemies: An approach for CTI teams
VirusTotal’s Threat Landscape can be a valuable source of operational and tactical threat intelligence for CTI teams, for instance helping us find the latest malware trends used by a given Threat Actor to adjust our intelligence-led security posture accordingly. In this post, we will play the role of a CTI analyst working for a Singaporean […] more…
COM Objects Hijacking
The COM Hijacking technique is often utilized by threat actors and various malware families to achieve both persistence and privilege escalation in target systems. It relies on manipulating Component Object Model (COM), exploiting the core architecture of Windows that enables communication between software components, by adding a new value on a specific registry key related […] more…
Following MITRE’s footsteps in analyzing malware behavior
The MITRE framework helps all defenders speak the same language regarding attackers’ modus operandi. VirusTotal provides multiple data points where MITRE’s Tactics and Techniques are dynamically extracted from samples when detonated in our sandboxes. In particular, samples’ MITRE mapping can be found under the BEHAVIOR tab of a file’s report. This data is searchable in […] more…
VT Livehunt Cheat Sheet
Today we are happy to announce the release of our “Livehunt Cheat Sheet”, a guide to help you quickly implement monitoring rules in Livehunt. You can find the PDF version here. VirusTotal Livehunt is a service that continuously scans all incoming indicators and notifies you when any of them matches your rules. Livehunt not only […] more…
Uncovering Hidden Threats with VirusTotal Code Insight
In the constantly changing world of cybersecurity, generative AI is becoming an increasingly valuable tool. This blog post shows various examples that elude traditional detection engines yet are adeptly unveiled by Code Insight. We explore diverse scenarios, ranging from firmware patches in DJI drones that disable red flight lights, to the covert theft of WhatsApp […] more…
Monitoring malware trends with VT Intelligence
Please note that this blogpost is part of our #VTMondays series, check out our collection of past publications here. VT Intelligence can be a powerful tool for monitoring malware trends, enhancing your detection capabilities and enabling proactive defense against evolving threats. To leverage it effectively, analysts can refine searches with threat indicators relevant to their […] more…
Hunting for malicious domains with VT Intelligence
Please note that this blogpost is part of our #VTMondays series, check out our collection of past publications here. Many cyberattacks begin by victims visiting compromised websites that host malware or phishing scams, threat actors use domains for different malicious purposes as part of their infrastructure, and malware communicates with external sites for command and […] more…
Sigma rules for Linux and MacOS
TLDR: VT Crowdsourced Sigma rules will now also match suspicious activity for macOS and Linux binaries, in addition to Windows. We recently discussed how to maximize the value of Sigma rules by easily converting them to YARA Livehunts. Unfortunately, at that time Sigma rules were only matched against Windows binaries. Since then, our engineering team […] more…
Protecting the perimeter with VT Intelligence – malicious URLs
Please note that this blogpost is part of our #VTMondays series, check out our collection of past publications here. One of the main attacking vectors attackers use for credential theft and malware deployment are malicious link-based attacks leveraging impersonated websites or distributing malware. By studying malicious campaigns, defenders can learn attacker tactics and refine their […] more…
Protecting the perimeter with VT Intelligence – Email security
Please note that this blogpost is part of our #VTMondays series, check out our collection of past publications here. One of the most common attack vectors to gain access to your network is through phishing emails with attachments containing malware, usually the first stage in a cyberattack kill chain. By gathering intelligence related to the […] more…
VTMondays
Welcome to VTMondays! A weekly series of bite-sized educational pills exploring the use of VirusTotal in real-world scenarios. Here’s what you’ll get: Short lessons: VTMondays are packed with valuable info in under 5 minutes read. Real-world scenarios: We’re not talking theory, we’re talking hunting malware, using intelligence to build up your defenses and staying ahead […] more…
How AI is shaping malware analysis
We just released our “Empowering Defenders: How AI is shaping malware analysis” report, where we want to share VirusTotal’s visibility to help researchers, security practitioners and the general public better understand the nature of malicious attacks, this time focusing on how AI complements traditional malware analysis tools by providing a new functionality, leading to very […] more…
The definitive VirusTotal’s admin guide
Check out our Walkthrough guide for VirusTotal group administrators! VirusTotal administrators’ tasks are key for the good health of the groups they manage. Unfortunately it is not always clear the best way to do this or that task. But we heard our beloved community, and we created the definitive guide for everything a VirusTotal group […] more…
Unifying threat context with VirusTotal connectors
In an age where cyber threats continue to grow in sophistication and frequency, the pursuit of a unified threat contextualization platform is no longer a mere convenience but an absolute necessity. When faced with an unfamiliar file, hash, domain, IP address, or URL, having a singular view of threat intelligence not only expedites investigations but […] more…
The path from VT Intelligence queries to VT Livehunt rules: A CTI analyst approach
This post will explain the process you can follow to create a VT Livehunt rule from a VT Intelligence query. Something typical in threat hunting and threat intelligence operations. Let’s assume that, as a threat hunter, you created robust VT intelligence (VTI) queries getting you reliable results without false positives. Your queries are so good […] more…
It’s all about the structure! Creating YARA rules by clicking
Since we made our (extended) vt module available for LiveHunt YARA rules we understand it is not easy for analysts to keep in mind all the new potential possibilities – too many of them! Our goal is to make YARA rule creation as easy as possible while providing security experts everything they need to make […] more…
2017 Antivirus News | Powered by WordPress |
Fluxipress Theme
| Show My IP Address, check blacklists
| Free Favicon, Android and Apple Icon Generator
| Bitcoin and Crypto Currency News
This website uses cookies to improve your experience. We'll assume you're ok with this, but you can opt-out if you wish.Accept Read More Privacy & Cookies Policy