What's new?
- Download file content strings. Other than a Threat Intelligence suite allowing its users to research world-wide emerging threat patterns, VT ENTERPRISE is also an automated malware analysis solution performing {reputational, static, dynamic, code, similarity} analysis of suspicious files. One of the static analysis components that run on files is strings extraction, it runs on absolutely all uploaded files and VT ENTERPRISE users can both download files and see the strings for files uploaded by themselves or any other VirusTotal Community user. As of now, users are not only able to see file strings within their browsers, they can also download full strings dumps for offline searching and analysis. Strings downloading is available in the content tab of file reports.
- Default private scanning settings. VirusTotal Private Scanning allows its users to specify custom file/report retention periods (1 day by default) and file storage regions (US vs EU) to comply with applicable regulations. Having to select non-default retention periods and regions on every upload can be a tedious task, VirusTotal group administrators can now provide default values for these selections in the settings tab of their group profile.
- New search VT Intelligence search modifiers - ssl_not_before and ssl_not_after. VT INTELLIGENCE is often described as the Google for malware. It allows users to search for IoCs and access superior context to understand threats. It also allows users to perform reverse searches, i.e. to find files, URLs, domains and IPs matching certain criteria. We have added support for the following new modifiers, they allow users to monitor any newly issued HTTPS certificates as part of potential phishing campaigns:
