Monday, August 21, 2023

August 21st, 2023 - VT Private Scanning regionalization, subscription invoices directly in your inbox and more

  • Subscription invoices directly in your inbox. VirusTotal continues to mature as a platform. Following our work on SSO/SAML and service accounts, we are improving beyond security controls and into other enterprise readiness areas. If you are paying for VirusTotal Enterprise via credit card, you can now provide a list of email addresses in your VirusTotal Group settings page and the corresponding invoices will be emailed to those accounts in addition to being displayed in the “Invoices” tab of your VirusTotal Group profile.

  • Personal YARA rule matches now showing up on file reports as tags. VT Hunting Livehunt allows VT Enterprise users to write YARA rules that are matched against the incoming live stream of files uploaded to VirusTotal. It has become a de facto standard for monitoring threat campaigns and malware toolkits, as well as for tracking threat actors going forward. Up until now, Livehunt YARA rule matches were only displayed in your IoC Stream. As of now, whenever you run an ad hoc search in VirusTotal or perform IoC lookups outside of VT Hunting, if the IoC in question happens to match one of your YARA rules, the match will be called out as a red tag on the IoC report.

  • File storage regionalization for VT Private Scanning. VirusTotal Private Scanning allows its users to “see files through VirusTotal’s eyes” without making those files or their reports downloadable/visible to any third party beyond their own organizations, i.e. in a non-shareable fashion. All standard VirusTotal analysis components are included (reputation, static, dynamic - sandboxes, code, similarity analysis) except for multi-antivirus scanning. We have extended VT Private Scanning to support file storage regionalization: users can now choose between the US and the EU.

  • VT Private Scanning “Inconclusive” verdict has been renamed to “Undetected”. VT Private Scanning does not leverage the multi-antivirus setup, but does emit opinionated verdicts about the maliciousness of files based on a multi-layered approach including sandbox detonation observations, YARA rule matches, static analysis and other advanced analysis components. We have renamed the “Inconclusive” verdict to “Undetected” as it was generating some confusion. This verdict indicates that there are no clear signs of maliciousness.