VirusTotal

VirusTotal is a service that analyzes files and URLs to detect malware and other security threats. It aggregates various antivirus engines, file and URL analysis tools, and threat intelligence feeds to provide comprehensive security assessments. Users can upload files or enter URLs to be scanned, and VirusTotal generates reports detailing the results of the analysis, including any detected malware signatures or suspicious behaviors.

CONNECTING THREAT INVESTIGATION AND MALWARE ANALYSIS

Integrating VirusTotal into Defants AIR provides comprehensive threat analysis capabilities, leveraging VirusTotal’s extensive database and analysis tools. This integration enhances threat detection by utilizing multiple antivirus engines and analysis techniques.

It streamlines investigation workflows by offering direct access to VirusTotal’s reports within the Defants AIR, facilitating quick assessment of security risks. Moreover, VirusTotal’s threat intelligence enriches information available to Defants AIR, aiding in better decision-making for prompt and effective response actions to security incidents.

Overall, this integration strengthens Defants AIR ability to detect, analyze, and respond to cybersecurity threats efficiently.

Integrations with Defants AIR

Enhanced Functionality

External tool integration boosts Defants AIR capabilities, offering specialized functionalities like malware analysis and threat intelligence.

Streamlined Workflows

Integrating tools simplifies investigation processes within Defants vSIRT, reducing manual tasks and improving efficiency.

Enhanced Collaboration

Tool integration promotes teamwork by facilitating data sharing and analysis results among security teams.

Improved Decision-Making

Access to a broader range of information through tool integration enables more informed responses to cybersecurity threats.

STATIC THREAT INDICATORS

Gather signals to trace your threat. VirusTotal tools extract suspicious signals such as OLE VBA code streams in Office document macros, invalid cross reference tables in PDFs, packer details in Windows Executables, intrusion detection system alerts triggered in PCAPs, Exif metadata, authenticode signatures and a myriad of other properties. Use these properties as IoCs to hunt down badness in your network.

Multi-property searches can be performed via advanced modifiers and threat actor campaigns can be fully mapped through pivoting and similarity searching. Lightning-fast binary n-gram searches complement file similarity searches to find other unknown variants of an attack and different malware pertaining to a same threat actor.

BEHAVIOR ACTIVITY AND NETWORK COMMS

Understand how malware files act and communicate. VirusTotal detonates files in virtual controlled environments to trace their activities and communications, producing detailed reports including opened, created and written files, created mutexes, registry keys set, contacted domains, URL lookups, etc. This execution activity is indexed in a faceted fashion in order to allow for instantaneous lookups.

Dynamic analysis capabilities do not only focus on execution traces but also on running static+dynamic analysis plugins to decode RAT malware configs and extract network infrastructure that may have not been observed during real time execution.

Want to learn more?

About VirusTotal

VirusTotal is a leading online service that provides comprehensive security analysis of files and URLs to detect malware and other threats. It aggregates multiple antivirus engines, analysis tools, and threat intelligence feeds to offer users detailed reports on the security status of their files and URLs.

Founded in 2004 and acquired by Google in 2012, VirusTotal serves individuals, cybersecurity professionals, and organizations worldwide, helping them assess the security risks associated with digital content before downloading or accessing it.

With its extensive database and analysis capabilities, VirusTotal plays a crucial role in enhancing cybersecurity by providing actionable insights and threat intelligence to its users.