Thursday, December 10, 2020


VirusTotal Multisandbox += Sangfor ZSand

The VirusTotal multisandbox project welcomes Sangfor ZSand. ZSand currently focuses on PE files, with extensions to other popular file types like JavaScript and Microsoft Office to be released soon. In their own words: ZSand, developed by Sangfor Technologies’ Cloud Computing & Security Team,...

Tuesday, December 01, 2020

VirusTotal += BitDefender Falx

We welcome the BitDefender Falx scanner to VirusTotal. This engine is specialized in Android and reinforces the participation of Bitdefender, which already had two engines in our service: their multi-platform scanner (BitDefender) and a 100% machine learning engine (BitDefenderTheta). In the words of the company: “Bitdefender offers a cloud-based malware detection product for Android. It is built...

Thursday, November 26, 2020


Using similarity to expand context and map out threat campaigns

TL;DR: VirusTotal allows you to search for similar files according to different orthogonal notions (structure, visual layout, icons, execution behaviour, etc.). File similarity can be combined with the “have:” search modifier in order to gain more context about threats, e.g. what are the emails or URLs...

Thursday, November 19, 2020

Why is similarity so relevant when investigating attacks

The concept of similarity is pretty straightforward: are two files similar? There are many ways to figure it out. That's why different similarity algorithms exist. Now, why is this useful? Attackers need tools for their attacks, basically malware. Malware in the end is a piece of software, built...

Thursday, November 05, 2020


Keep your friends close; keep ransomware closer

“How to avoid being a ransomware victim?” is one of the main questions every single company and organization asks themselves every day. Unfortunately there is no silver bullet against that, but there are several good practices we can follow to minimize our exposure. We can start by enumerating what are...

Thursday, October 29, 2020

VirusTotal += Gridinsoft

We welcome the Gridinsoft engine to VirusTotal. In the words of the company: “Gridinsoft provides an autonomous multi-layered malware detection engine based on a powerful malware-analyzing laboratory. We combine the most relevant file inspection methods with an effective interaction of our development and analyst teams. They gather threat patterns, classifying and replenishing the database with...

Tuesday, October 13, 2020


Tracing fresh Ryuk campaigns itw

Ryuk is one of the most dangerous Ransomware families. It is (allegedly) run by a specialized cybercrime actor that during the last 2 years mainly focused on targeting enterprise environments. The amount of bitcoins demanded in their ransom attacks varies depending on the target. Some of the wallets...

Monday, August 24, 2020


Learn how malware operates so you can defend yourself against it

TL;DR: VirusTotal is hosting an APJ webinar on August 27th showcasing our advanced threat enrichment and threat hunting capabilities; register for the webinar, it is free. Following the EMEA webinar that we recently conducted (watch on demand if you missed it), we want to spread the word about all the...

Tuesday, June 09, 2020

VirusTotal += Cynet

We welcome the Cynet engine to VirusTotal. In the words of the company: “Cynet 360 is an autonomous breach protection platform that includes multi-layered anti malware capabilities including AI-based static analysis, process behavior monitoring, memory monitoring, sandboxing, and granular whitelisting, interlocking together to protect against malicious executables, exploits, scripts, Macros, LOLbins,...

Wednesday, May 27, 2020


I did not know you could do X, Y, Z with VirusTotal

TL;DR: VirusTotal is hosting an EMEA webinar on June 4th showcasing our advanced threat enrichment and threat hunting capabilities; register for the webinar, it is free. “I did not know you could do X, Y, Z with VirusTotal”, this is the most common feedback that we hear coming from our users whenever...

Wednesday, February 26, 2020


Uncovering threat infrastructure via URL, domain and IP address advanced pivots a.k.a. Netloc Intelligence

Quick links: https://support.virustotal.com/hc/en-us/articles/360001387057 , https://developers.virustotal.com/v3.0/reference#intelligence-search , https://github.com/VirusTotal/vt-py . Ten years ago, VirusTotal launched VT Intelligence, a critical component of VT Enterprise which offers...