Monday, July 31, 2023


July 31st, 2023 - Malware trends report and adversary intelligence improvements

What's new?


  • Adversary Intelligence knowledge card summaries. VirusTotal’s Threat Landscape module incorporates attribution, threat actor profiling, and campaign and toolkit knowledge cards into our top VirusTotal packages, allowing users to climb the pyramid of pain: moving from IoC matching towards operational and strategic intelligence based on TTPs, behavioral patterns and adversary profiling. We’ve improved the campaign/malware toolkit, threat actor and reference cards with an initial summary tab that concisely records notions such as group aliases, motivations, targeted industries, targeted regions, suspected sponsors, related collections, relevant reporting, exploited vulnerabilities, etc. See example.

  • New filters across adversary intelligence knowledge cards. We’ve further improved the aforementioned knowledge cards and adversary intelligence listings by consolidating filtering capabilities with a new and more intuitive drop-down paradigm.

  • Improved labelling of regions, industries, etc. in references and their corresponding automated IoC collections. We are continuously improving the breadth and depth of our adversary intelligence knowledge cards. Along with the aforementioned summaries, you may have noticed a significantly higher number of reference cards with attribution, victimology and other threat activity profiling labels (see example reference card). In turn, these labels are also being applied to the automatic IoC collections being created for all ingested threat articles. See example of automatic IoC collection tied to a given reference. We continue to iterate on the completeness of the dataset from a threat actor profiling perspective and soon you will see greater coverage of threat groups. 

  • New properties in commonality calculations. When performing VT INTELLIGENCE reverse searches, or when looking at collections of IoCs, Retrohunts or other IoC listings, users can quickly understand what the IoCs have in common in terms of technical static and dynamic features through the “commonalities” functionality. We have added portable executable section properties to commonality calculations.
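As an added illustration of what a commonality calculation over PE section properties produces (this is not VirusTotal's implementation, and the section metadata below is constructed rather than taken from real scan results), the following Python flattens each file's sections into property/value pairs and reports the share of files in the set that exhibit each one:

```python
from collections import Counter
from typing import Dict, List, Set, Tuple

# Constructed PE section metadata for four hypothetical IoCs (not real data).
# Each section carries its name, access flags and Shannon entropy.
SAMPLES: Dict[str, List[dict]] = {
    "sample-A": [{"name": ".text", "flags": "rx", "entropy": 6.2},
                 {"name": "UPX0", "flags": "rwx", "entropy": 7.9}],
    "sample-B": [{"name": ".text", "flags": "rx", "entropy": 6.1},
                 {"name": "UPX0", "flags": "rwx", "entropy": 7.8}],
    "sample-C": [{"name": ".text", "flags": "rx", "entropy": 6.3},
                 {"name": "UPX0", "flags": "rwx", "entropy": 7.7},
                 {"name": ".rsrc", "flags": "r", "entropy": 4.1}],
    "sample-D": [{"name": ".text", "flags": "rx", "entropy": 6.0},
                 {"name": ".rdata", "flags": "r", "entropy": 5.2},
                 {"name": ".data", "flags": "rw", "entropy": 3.3}],
}

Prop = Tuple[str, object]


def section_properties(sections: List[dict]) -> Set[Prop]:
    """Reduce one file's sections to a set of (property, value) pairs.

    Using a set means a property counts once per file, however many
    sections of that file exhibit it. Entropy is bucketed so that near-equal
    values (e.g. several packed sections) can still match across files.
    """
    props: Set[Prop] = set()
    for s in sections:
        props.add(("section_name", s["name"]))
        props.add(("section_flags", s["flags"]))
        props.add(("entropy_bucket", "high" if s["entropy"] >= 7.0 else "normal"))
    return props


def commonalities(samples: Dict[str, List[dict]], min_share: float = 0.5) -> List[Tuple[str, object, float]]:
    """Return (property, value, share) triples present in >= min_share of the files,
    most common first. share is the fraction of files exhibiting the value."""
    counts: Counter = Counter()
    for sections in samples.values():
        counts.update(section_properties(sections))
    total = len(samples)
    rows = [(p, v, c / total) for (p, v), c in counts.items() if c / total >= min_share]
    return sorted(rows, key=lambda r: (-r[2], r[0], str(r[1])))


if __name__ == "__main__":
    for prop, value, share in commonalities(SAMPLES):
        print(f"{share:>5.0%}  {prop} = {value}")
```

With the constructed set, the UPX0 section name, the rwx flags and the high-entropy bucket each appear in 75% of the files, which is the kind of shared trait the commonalities view surfaces.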