September’s 3x CON: Part 2
What, Where & When: The 0x07th edition of SEC-T, an annual Stockholm-based conference, was held on 18-19 September at the stunning Anrika Nalen venue, just a 15 minute walk from the famous Gamla Stan. The Schedule This conference features only one track of presentations, which – in my opinion – is quite a good thing, […] more…September’s 3x CON: Part 1
What, Where & When: the 4th edition of 44CON, an annual IT Security Conference organized by Sense/Net Ltd, took place on 10-12 September in London, at a venue near the Earl’s Court exhibition center. Geeks, who happened to enjoy somewhat spooky historical monuments, could take a five minute walk from the venue to visit an […] more…VTPRACTITIONERS{ACRONIS}: Tracking FileFix, Shadow Vector, and SideWinder
Introduction We have recently started a new blog series called #VTPRACTITIONERS. This series aims to share with the community what other practitioners are able to research using VirusTotal from a technical point of view. Our first blog saw our colleagues at SEQRITE tracking UNG0002, Silent Lynx, and DragonClone. In this new post, Acronis Threat Research […] more…VTPRACTITIONERS{SEQRITE}: Tracking UNG0002, Silent Lynx and DragonClone
Introduction One of the best parts of being at VirusTotal (VT) is seeing all the amazing ways our community uses our tools to hunt down threats. We love hearing about your successes, and we think the rest of the community would too. That’s why we’re so excited to start a new blog series where we’ll […] more…Advanced Threat Hunting: Automating Large-Scale Operations with LLMs
Last week, we were fortunate enough to attend the fantastic LABScon conference, organized by the SentinelOne Labs team. While there, we presented a workshop titled ‘Advanced Threat Hunting: Automating Large-Scale Operations with LLMs.’ The main goal of this workshop was to show attendees how they could automate their research using the VirusTotal API and Gemini. […] more…The future of smart glasses comes into focus
Twelve years ago, Google kicked off the human cyborg revolution with its Google Glass product. The ugly, clunky, expensive Glass product was way ahead of its time. But it signaled a future when ordinary-looking glasses with a heads-up display would enable hands-free “computing” anywhere, all the time. Well, that future time is now. Meta CEO […] more…OpenAI: Latest news and insights
OpenAI is an artificial intelligence organization comprised of the non-profit OpenAI, Inc. and several for-profit subsidiaries. The company is perhaps best known for its ChatGPT chatbot, which launched in 2022, kicking off a period of massive disruption in the tech industry and beyond. A complicated and increasingly contentious relationship with Microsoft, ongoing legal issues over […] more…Uncovering a Colombian Malware Campaign with AI Code Analysis
VirusTotal Code Insight keeps adding new file formats. This time, we’re looking at two vector-based formats from very different eras: SWF and SVG. Curiously, right after we rolled out this update in production, one of the very first submitted files gave us a perfect, and unexpected, example of Code Insight in action: it uncovered an […] more…Exploring the VirusTotal Dataset | An Analyst’s Guide to Effective Threat Research
By Aleksandar Milenkoski (SentinelOne) and Jose Luis Sánchez Martínez VirusTotal stores a vast collection of files, URLs, domains, and IPs submitted by users worldwide. It features a variety of functionalities and integrates third-party detection engines and tools to analyze the maliciousness of submitted artifacts and gather relevant related information, such as file properties, domain registrars, […] more…Tracking Threat Actors Using Images and Artifacts
When tracking adversaries, we commonly focus on the malware they employ in the final stages of the kill chain and infrastructure, often overlooking samples used in the initial ones. In this post, we will explore some ideas to track adversary activity leveraging images and artifacts mostly used during delivery. We presented this approach at the […] more…Know your enemies: An approach for CTI teams
VirusTotal’s Threat Landscape can be a valuable source of operational and tactical threat intelligence for CTI teams, for instance helping us find the latest malware trends used by a given Threat Actor to adjust our intelligence-led security posture accordingly. In this post, we will play the role of a CTI analyst working for a Singaporean […] more…VT Livehunt Cheat Sheet
Today we are happy to announce the release of our “Livehunt Cheat Sheet”, a guide to help you quickly implement monitoring rules in Livehunt. You can find the PDF version here. VirusTotal Livehunt is a service that continuously scans all incoming indicators and notifies you when any of them matches your rules. Livehunt not only […] more…Uncovering Hidden Threats with VirusTotal Code Insight
In the constantly changing world of cybersecurity, generative AI is becoming an increasingly valuable tool. This blog post shows various examples that elude traditional detection engines yet are adeptly unveiled by Code Insight. We explore diverse scenarios, ranging from firmware patches in DJI drones that disable red flight lights, to the covert theft of WhatsApp […] more…Sigma rules for Linux and MacOS
TLDR: VT Crowdsourced Sigma rules will now also match suspicious activity for macOS and Linux binaries, in addition to Windows. We recently discussed how to maximize the value of Sigma rules by easily converting them to YARA Livehunts. Unfortunately, at that time Sigma rules were only matched against Windows binaries. Since then, our engineering team […] more…How AI is shaping malware analysis
We just released our “Empowering Defenders: How AI is shaping malware analysis” report, where we want to share VirusTotal’s visibility to help researchers, security practitioners and the general public better understand the nature of malicious attacks, this time focusing on how AI complements traditional malware analysis tools by providing a new functionality, leading to very […] more…The definitive VirusTotal’s admin guide
Check out our Walkthrough guide for VirusTotal group administrators! VirusTotal administrators’ tasks are key for the good health of the groups they manage. Unfortunately it is not always clear the best way to do this or that task. But we heard our beloved community, and we created the definitive guide for everything a VirusTotal group […] more…More information
- Wikipedia wants PR firm to stop paid editing services, hints at lawsuit
- Malware Hunters Spot Supply Chain Attack Hitting 3CX Desktop App
- Hollywood hospital becomes ransomware victim
- Do developers care about security?
- Netcraft Raises $100M, Hires New CEO for Global Expansion
- ClickFix Attack Exploits Fake Cloudflare Turnstile to Deliver Malware
- What Are Security Buyers Looking For?
- Worst security snafus of 2012
- Now you can avoid email sender’s remorse with Gmail’s ‘Undo Send’ feature
- Apple vs. FBI: Here’s everything you need to know (FAQ)