VirusTotal

VirusTotal is a product from Alphabet, the parent company of Google. VirusTotal inspects items with over 70 antivirus scanners and URL/domain blocklisting services, in addition to a myriad of tools that extract signals from the studied content.

You are fighting global adversaries constrained by the narrow visibility of internal-only logs. There is a better way.

Today's adversaries are state-sponsored units and organized cybercrime groups. These threat actors operate globally, as an 8×5 full-time job, targeting you but also others. Still, you continue to counter these threats with just one piece of the puzzle: your network telemetry. Attacker footprints surface in VirusTotal thanks to community crowdsourcing. Unlike any other service, VirusTotal contextualizes your internal logs with real-time worldwide patterns, expanding your field of vision and making telemetry truly actionable.

Static threat indicators

Gather signals to trace your threat. VirusTotal tools extract suspicious signals such as OLE VBA code streams in Office document macros, invalid cross-reference tables in PDFs, packer details in Windows executables, intrusion detection system alerts triggered by PCAPs, Exif metadata, Authenticode signatures and a myriad of other properties. Use these properties as IoCs to hunt down badness in your network.

Multi-property searches can be performed via advanced search modifiers, and threat actor campaigns can be fully mapped through pivoting and similarity searching. Lightning-fast binary n-gram searches complement file similarity searches to find other unknown variants of an attack and different malware belonging to the same threat actor.

Behaviour activity and network comms

Understand how malware files act and communicate. VirusTotal detonates files in controlled virtual environments to trace their activities and communications, producing detailed reports that include opened, created and written files, created mutexes, registry keys set, contacted domains, URL lookups, etc. This execution activity is indexed in a faceted fashion to allow instantaneous lookups.

Dynamic analysis capabilities are not limited to execution traces: static and dynamic analysis plugins also run to decode RAT malware configurations and extract network infrastructure that may not have been observed during live execution.

In-the-wild information

Gain context on threat location and on the techniques used to propagate and disseminate malware. VirusTotal runs backend processes such as sandboxing, inter-file relationship generation, email attachment extraction, URL-to-file mapping, and labelling of files coming from honeypots. Third-party tools such as the Microsoft Sysinternals suite also contribute metadata about in-the-wild end-user sightings of malware.

Relationships and patterns

Take advantage of backend processes to understand inter-file-netloc relationships, discover emails that may embed a given threat, link files to parent network traffic PCAPs, discover other variants signed by the same publisher, pinpoint compressed packages that contained a given threat, etc.

Use cases by team

VirusTotal Enterprise is an investigative exoskeleton that radically upskills your security organization, effortlessly from day zero.

Security Automation team

- Automatic alert triage via API, interaction or one-click integrations
- Security telemetry enrichment, continuously via feeds + API lookups
- Context-driven security orchestration through your SOAR or custom via API

SOC/CERT

- True positive prioritization and false positive discarding
- Contextualization of alert observables & phishing investigations
- Incident campaign IoC identification for preventive & remediation actions

Incident Response team

- True positive prioritization and false positive discarding
- Contextualization of alert observables & phishing investigations
- Incident campaign IoC identification for preventive & remediation actions

Threat Intelligence team

- Automatic alert triage via API, interaction or one-click integrations
- Security telemetry enrichment, continuously via feeds + API lookups
- Context-driven security orchestration through your SOAR or custom via API

Malware Analysis team

- True positive prioritization and false positive discarding
- Contextualization of alert observables & phishing investigations
- Incident campaign IoC identification for preventive & remediation actions

Anti-Fraud Team

- Identification of phishing campaigns & counterfeiting sites targeting your org
- Mitigation of banking and identity theft trojans against your company
- Interception and study of phishing kits and C2 panels for the above

Anti-Abuse Team

- Corporate infrastructure abuse detection & digital asset monitoring
- Brand impersonation detection: fake apps, online lures, and others
- Scoring of IP addresses interacting with your services

Red team / Pentesting team

- Blackbox reconnaissance and passive fingerprinting
- Breach & attack simulation emulating adversary TTPs
- Security stack validation to identify blindspots and mistaken setups

Vulnerability Management team

- Vulnerability prioritization & smart risk-driven patching strategy
- In-the-wild vulnerability weaponization monitoring
- Threat landscape exploration from a vulnerability exploitation perspective

Filter files matching your criteria, look at in-depth information for your matches and download the pertinent files for further offline study.
