Wednesday, January 24, 2018

VirusTotal and Chronicle

It's been more than five years since Google acquired VirusTotal. Today we have another update: VirusTotal will moving to become part of Chronicle, a new Alphabet company focused on cyber security. This update, like our move to Google a few years back, does not change the mission or focus of VirusTotal. We'll continue to operate independently, focused on our mission of helping keep you safe on the web.

For press inquiries, please contact press@chronicle.security

Monday, January 08, 2018

VirusTotal Graph

VirusTotal receives a large number of files and URLs every day, and each of them is analyzed by AVs and other tools and sandboxes to extract information about them. This information is critical for our ecosystem, as it connects the dots and makes clear the connections between entities.

It is common to pivot over many data points (files, URLs, domains and IP addresses) to get the full picture of your investigation, and this usually involves looking at multiple reports at the same time. We know this can be complicated when you have many open tabs, therefore, we’ve developed VirusTotal Graph.

It is a visualization tool built on top of VirusTotal’s data set. It understands the relationship between files, URLs, domains and IP addresses and it provides an easy interface to pivot and navigate over them.


By exploring and expanding each of the nodes in your graph, you can build the network and see the connections across the samples you are studying. By clicking on the nodes, you can see at a glance the most relevant information for each item. You can also add labels and see an in-depth report by going to VirusTotal Public or VirusTotal Intelligence report.

The tool is available in https://www.virustotal.com/graph/ or through a public report in the tool section (VirusTotal login is required):


You can save the graphs, so that you can go back to your investigation any time and share your findings with other users. By clicking in the bottom right corner we generate a permalink which loads the graph as you see it in your screen. All saved graphs are public and linked in VirusTotal public report when the file, URL, IP address or domain appear in the graph. We feel the community will benefit from this intelligence. We understand that there are scenarios where a higher degree of privacy is needed, and we are working on a solution -- expect to see some news around it soon.

The documentation is available at

These are two YouTube videos explaining the main features:
Files Tutorial 1 - https://youtu.be/QEqHXU04IkI
Domain Tutorial 2 - https://youtu.be/xe2busIlkP4

Last but not least, we are still in an early stage of the tool and we’d be delighted to receive your feedback/comments here.