Tuesday, January 18, 2022


January 17th, 2022 - Palo Alto Cortex XSOAR marketplace and new VirusTotal Collections sources

What's new?

  • Premium VT API packs in the Palo Alto Cortex XSOAR marketplace. We have published 4 new premium VT API packs in the Palo Alto Cortex XSOAR marketplace. XSOAR (formerly Demisto) is a Security Orchestration, Automation and Response platform that allows companies to collect threat-related data from a range of sources (SIEM, firewall, IDS, etc.) and automate the response to the threat. Palo Alto Networks customers can now spend their credits on the VirusTotal integration to contextualize incidents with superior crowdsourced visibility and perform more effective triage through multi-angular detection (sandboxing, YARA analysis, Sigma behavioural flags, antivirus scanning, etc.).

  • Vir.IT file scanner. Since our last release notes update we have added a new malware scanning engine to VirusTotal: Vir.IT eXplorer PRO. You can read more about this inclusion in the welcome post. Similarly, you can see it in action detecting a file in this VirusTotal report.
  • VirusTotal Collections. Since our last release notes we have also launched some major functionality to allow users to share collections of IoCs (hashes, domains, IP addresses and URLs) among themselves in a more actionable and contextualized manner. You can read more about this in the Introducing VirusTotal Collections blog post. You can also easily create collections via the command line.
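As an added illustration (not code from the VirusTotal post or the vt-cli tool), the snippet below sorts a list of indicators into the four IoC types a collection holds and assembles the request body a creation call would send. The endpoint URL and the JSON shape are taken from the public VT API v3 documentation as I recall it and are assumptions; the sample indicators are constructed and no network request is made.

```python
import ipaddress
import json
import re
from typing import Dict, List

# Assumption: collections are created by POSTing this body to the v3 collections endpoint.
VT_COLLECTIONS_URL = "https://www.virustotal.com/api/v3/collections"
_HASH_RE = re.compile(r"^(?:[0-9a-fA-F]{32}|[0-9a-fA-F]{40}|[0-9a-fA-F]{64})$")
_DOMAIN_RE = re.compile(r"^[A-Za-z0-9.-]+\.[A-Za-z]{2,}$")


def classify_ioc(ioc: str) -> str:
    """Map a raw indicator string to the VT object type a collection accepts."""
    ioc = ioc.strip()
    if _HASH_RE.match(ioc):          # MD5 / SHA-1 / SHA-256
        return "file"
    if "://" in ioc:                 # anything with a scheme is a URL
        return "url"
    try:
        ipaddress.ip_address(ioc)    # IPv4 or IPv6 literal
        return "ip_address"
    except ValueError:
        pass
    if _DOMAIN_RE.match(ioc):
        return "domain"
    raise ValueError(f"unrecognised indicator: {ioc!r}")


def build_collection(name: str, description: str, iocs: List[str]) -> Dict:
    """Build the creation body: URLs are referenced by 'url', other objects by 'id'."""
    rels: Dict[str, Dict[str, list]] = {}
    for ioc in iocs:
        kind = classify_ioc(ioc)
        key = "ip_addresses" if kind == "ip_address" else kind + "s"
        if kind == "url":
            item = {"type": kind, "url": ioc}
        else:
            item = {"type": kind, "id": ioc.lower() if kind == "file" else ioc}
        rels.setdefault(key, {"data": []})["data"].append(item)
    return {"data": {"type": "collection",
                     "attributes": {"name": name, "description": description},
                     "relationships": rels}}


if __name__ == "__main__":
    # Constructed sample indicators, not real IoCs from the post.
    sample = ["198.51.100.7", "example.invalid",
              "http://example.invalid/payload", "d41d8cd98f00b204e9800998ecf8427e"]
    print(json.dumps(build_collection("Constructed demo", "Example only", sample), indent=2))
```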

What's improved?

  • New VirusTotal Collections sources for additional contextualization. The aforementioned VirusTotal Collections functionality is not only driven by user contributions; VirusTotal is also crowdsourcing relevant threat information sources such as AlienVault OTX, Malpedia or Abuse.ch. In this development iteration we have added two new sources:
    • Sicehice - Sicehice fingerprints common attacker infrastructure and aggregates data from a number of sources in a way that is more easily searchable.
    • Zeusmuseum - The Zeus banking malware has been a fixture within the cybercrime landscape since 2006. With the release of its source code in 2011, Zeus has splintered into many different malware families. The goal of the zeusmuseum is to find, categorize, and lightly document every version of these Zeus-derived families.