2 December 2021

VirusTotal introduces new feature that makes IoCs sharing more convenient


VirusTotal, a free service that analyzes files and URLs for viruses, worms, trojans and other kinds of malicious content, has announced a new feature called ‘VirusTotal Collections’ designed to make it easier for security researchers to share Indicators of Compromise (IoCs).

Indicators of compromise (IoCs) are data that indicate a potential intrusion on a host system or network. Security researchers use IoCs to better analyze a particular malware’s techniques and behaviors. IoCs also provide actionable threat intelligence that can be shared within the community to further improve an organization’s incident response and remediation strategies.

"Time evolves and now most investigations go beyond one observable, quickly adding up several indicators of compromise (IOCs) for one single incident. With many security researchers sharing their findings in blog posts and tweets, it’s getting hard to keep track of all these data inputs," Juan Infantes, software engineer at VirusTotal, wrote in a blog post introducing the new feature.

According to VirusTotal, a collection is a live report which contains a title, a group of IoCs (file hashes, URLs, domains and IP addresses) and an optional description.

“Collections are open to our VirusTotal Community (registered users) and they will be enhanced with VirusTotal analysis metadata providing the latest information we have for the IoCs, along with some aggregated tags,” Infantes said.

Collection owners can easily add IoCs to, or remove them from, their collections. Collections are available via VirusTotal's UI and API, and can be shared using their permalink in blog posts, reports, and the like.

Security researchers can create IoC collections by accessing the Search tab from the VirusTotal home page.

