VirusTotal, a free service that analyzes files and URLs for viruses, worms, trojans and other kinds of malicious content, has announced a new feature called ‘VirusTotal Collections’ designed to make it easier for security researchers to share Indicators of Compromise (IoCs).
Indicators of compromise (IoCs) are data that indicate a potential intrusion on a host system or network. Security researchers use IoCs to better analyze a particular malware’s techniques and behaviors. IoCs also provide actionable threat intelligence that can be shared within the community to further improve an organization’s incident response and remediation strategies.
"Time evolves and now most investigations go beyond one observable, quickly adding up several indicators of compromise (IOCs) for one single incident. With many security researchers sharing their findings in blog posts and tweets, it’s getting hard to keep track of all these data inputs," Juan Infantes, software engineer at VirusTotal, wrote in a blog post introducing the new feature.
According to VirusTotal, a collection is a live report which contains a title, a group of IoCs (file hashes, URLs, domains and IP addresses) and an optional description.
“Collections are open to our VirusTotal Community (registered users) and they will be enhanced with VirusTotal analysis metadata providing the latest information we have for the IoCs, along with some aggregated tags,” Infantes said.
Collection owners can easily add IoCs to their collections or remove them. Collections are available via VirusTotal's UI and API, and can be shared using their permalink in blog posts, reports, and the like.
Security researchers can create IoC collections by accessing the Search tab from the VirusTotal home page.