Monday, February 14, 2022


February 14th, 2022 - MISP + VirusTotal, Livehunt improvements and notifications on missing hashes

What's new? 

  • MISP and VT Collections integration. VT Collections allows users to easily share with each other listings of threat campaign, threat actor or malware toolkit IoCs. MISP users can now create a VT Collection based on a MISP event with a single click. Similarly, VirusTotal users can now export VT Collections as STIX to import them into their security stack, including their own MISP instance.
  • Ruleset owner in Livehunt. VT Hunting Livehunt allows VT Enterprise users to write YARA rules that are matched against the incoming live stream of files uploaded to VirusTotal. It has become a de facto standard to monitor threat campaigns and malware toolkits, as well as to track threat actors going forward. In VT Hunting, YARA rules can be shared with other users, which effectively allows them to share feeds of IoC matches. Livehunt ruleset listing summaries now display the owner of the ruleset whenever that owner is not you, so you can identify at a glance the rulesets shared with you.
  • Notifications on missing hashes. VirusTotal allows you to search for file analysis reports using the file's MD5, SHA1 or SHA256 hash. When searching for a file that is not yet in the corpus you can now easily create a YARA rule to get automatically notified if VirusTotal ever receives it. A single click of a button is all that is needed.
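
A hash-watching rule of the kind described in the last item can be expressed with YARA's standard `hash` module. The generator below is an added example, not VirusTotal's code and not necessarily the rule its button produces; the function names, the rule name and the sample digests (hashes of empty input) are constructed for illustration.

```python
import re

# Hex digest length -> function name in YARA's standard "hash" module.
ALGO_BY_LENGTH = {32: "md5", 40: "sha1", 64: "sha256"}
HEX_RE = re.compile(r"[0-9a-f]+")


def classify_hash(value):
    """Return (algorithm, normalized_digest) or raise ValueError."""
    digest = value.strip().lower()
    algo = ALGO_BY_LENGTH.get(len(digest))
    if algo is None or not HEX_RE.fullmatch(digest):
        raise ValueError(f"not an MD5, SHA1 or SHA256 hex digest: {value!r}")
    return algo, digest


def build_rule(rule_name, hashes):
    """Build one YARA rule that fires when a file matches any given hash."""
    if not re.fullmatch(r"[A-Za-z_][A-Za-z0-9_]{0,127}", rule_name):
        raise ValueError(f"invalid YARA rule name: {rule_name!r}")
    seen, clauses = set(), []
    for value in hashes:
        algo, digest = classify_hash(value)
        if digest in seen:  # skip duplicates that differ only in case/spacing
            continue
        seen.add(digest)
        # The hash module returns lowercase hex, so compare against lowercase.
        clauses.append(f'hash.{algo}(0, filesize) == "{digest}"')
    if not clauses:
        raise ValueError("no hashes supplied")
    condition = " or\n        ".join(clauses)
    return (
        'import "hash"\n\n'
        f"rule {rule_name}\n{{\n"
        "    condition:\n"
        f"        {condition}\n}}\n"
    )


if __name__ == "__main__":
    # Constructed sample digests (hashes of empty input), not IoCs from the page.
    print(build_rule("missing_hash_watch", [
        "D41D8CD98F00B204E9800998ECF8427E",
        " e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 ",
    ]))
```

Normalizing before emitting the rule matters because a digest pasted in uppercase would never equal the lowercase string the `hash` module returns, and the rule would silently never fire.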