VirusTotal has introduced techniques for tracking adversary activity by pivoting on images and other artifacts used during the early stages of the kill chain. The approach promises to improve threat hunting and detection engineering by analyzing samples created during the weaponization and delivery phases. It is a significant departure from traditional practice, which concentrates on the later stages of the kill chain, chiefly execution and actions on objectives.
VirusTotal, a subsidiary of Google, provides a free online service enabling the analysis of files and URLs for potential malware and other types of threats. The platform, launched in 2004, aggregates multiple antivirus engines and website scanners to improve the detection rate of potential threats. Users can submit files, URLs, domain names, and IP addresses for analysis. The service offers insights into the nature of the threats and shares the results with the cybersecurity community, contributing to collective threat intelligence.
Threat hunting has historically concentrated on the later stages of the kill chain, where telemetry from endpoint detection and response (EDR) and security information and event management (SIEM) tools is plentiful. However, VirusTotal's recent presentation at the FIRST CTI conference in Berlin and at Botconf in Nice described a new focus on the weaponization and delivery phases: analyzing the files and images embedded in Microsoft Office documents and PDFs. The aim is to catch threats earlier in the kill chain by scrutinizing artifacts that threat actors carry from one campaign to the next.
The emphasis on later stages arose because more information is available there, which makes it easier for analysts to detect and respond to threats. VirusTotal's approach, focused on the initial stages, is expected to surface potential threats much earlier. By examining elements such as document metadata, embedded images, and the XML parts inside Office files, the platform gives analysts new pivots for early detection and a more proactive defense that can stop many attacks before they fully develop.
Analyzing Embedded Files
VirusTotal has identified several types of embedded files within Office documents that are valuable for threat hunting. These include images, the [Content_Types].xml part, and the styles.xml part. The platform's research has shown that threat actors often reuse these files across documents, making it possible to track and attribute malicious activity. For instance, APT28 and SideWinder have been found to reuse the same images in different malicious documents, while Gamaredon uses consistent XML parts across varied samples. By hashing these artifacts and pivoting on the matches, VirusTotal can link otherwise unrelated samples to a single actor.
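The pivot described above, as an added example that is not VirusTotal's own code: an OOXML document (.docx, .xlsx, .pptx) is a zip container, so the embedded images under word/media/, the [Content_Types].xml part and styles.xml can be pulled out and hashed directly, and samples that share a hash can be clustered. The sample documents, their image bytes and the "actor" style sheet are constructed in memory here for the demo; the part names come from the OOXML layout, and the noise filter (dropping any hash that also appears in a clean baseline document, because every default Word file ships the same [Content_Types].xml) is this example's own addition.

```python
"""Extract reusable artifacts from OOXML samples and pivot on shared hashes.

Added example, not VirusTotal's code. Samples are OOXML zip containers;
the ones below are constructed in memory rather than read from disk.
"""
import hashlib
import io
import zipfile

# Document-wide XML parts that are rarely edited by hand, plus every embedded
# media file (Office stores images byte-for-byte inside the zip).
PIVOT_PARTS = ("[Content_Types].xml", "word/styles.xml", "xl/styles.xml")
MEDIA_PREFIXES = ("word/media/", "xl/media/", "ppt/media/")


def sha256(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def extract_artifacts(blob: bytes) -> dict[str, str]:
    """Return {part name: sha256} for the pivot parts and media in one sample."""
    artifacts = {}
    with zipfile.ZipFile(io.BytesIO(blob)) as zf:
        for info in zf.infolist():
            name = info.filename
            if name in PIVOT_PARTS or name.startswith(MEDIA_PREFIXES):
                artifacts[name] = sha256(zf.read(info))
    return artifacts


def build_index(samples: dict[str, bytes]) -> dict:
    """Map artifact hash -> {"part": name, "samples": set of sample IDs}."""
    index = {}
    for sample_id, blob in samples.items():
        for part, digest in extract_artifacts(blob).items():
            entry = index.setdefault(digest, {"part": part, "samples": set()})
            entry["samples"].add(sample_id)
    return index


def pivot(samples: dict[str, bytes], baselines: list[bytes], min_samples: int = 2) -> dict:
    """Artifacts shared by >= min_samples samples, minus hashes seen in clean baselines."""
    noise = {d for blob in baselines for d in extract_artifacts(blob).values()}
    hits = {}
    for digest, entry in build_index(samples).items():
        if digest in noise or len(entry["samples"]) < min_samples:
            continue
        hits[digest] = {"part": entry["part"], "samples": sorted(entry["samples"])}
    return hits


def make_docx(styles_xml: str, images: dict[str, bytes], body: str) -> bytes:
    """Build a minimal OOXML container (constructed demo data, not a real lure)."""
    content_types = (
        '<Types xmlns="http://schemas.openxmlformats.org/package/2006/content-types">'
        '<Default Extension="xml" ContentType="application/xml"/>'
        '<Default Extension="png" ContentType="image/png"/></Types>'
    )
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("[Content_Types].xml", content_types)
        zf.writestr("word/document.xml", f"<w:document><w:body><w:p>{body}</w:p></w:body></w:document>")
        zf.writestr("word/styles.xml", styles_xml)
        for name, data in images.items():
            zf.writestr(f"word/media/{name}", data)
    return buf.getvalue()


# Constructed inputs: a lure image reused by two samples, and a custom style
# sheet reused by two samples, mimicking the image and XML reuse on the page.
LURE_PNG = b"\x89PNG\r\n\x1a\n" + b"lure-image-bytes-" * 4
OTHER_PNG = b"\x89PNG\r\n\x1a\n" + b"unrelated-image-bytes"
ACTOR_STYLES = "<w:styles><w:style w:styleId='Heading1'/><w:style w:styleId='Custom9'/></w:styles>"
DEFAULT_STYLES = "<w:styles><w:style w:styleId='Normal'/></w:styles>"

SAMPLES = {
    "sample_A": make_docx(ACTOR_STYLES, {"image1.png": LURE_PNG}, "invoice"),
    "sample_B": make_docx(DEFAULT_STYLES, {"image1.png": LURE_PNG}, "urgent"),
    "sample_C": make_docx(ACTOR_STYLES, {"image1.png": OTHER_PNG}, "report"),
    "sample_D": make_docx(DEFAULT_STYLES, {}, "benign"),
}
BASELINE = make_docx(DEFAULT_STYLES, {}, "hello")  # clean default document used to learn noise

if __name__ == "__main__":
    for digest, hit in pivot(SAMPLES, [BASELINE]).items():
        print(f"{hit['part']:<22} {digest[:16]}  shared by {', '.join(hit['samples'])}")
```

Running it links sample_A and sample_B through the reused image and sample_A and sample_C through the custom styles.xml, while the [Content_Types].xml and default styles.xml that every document carries are discarded as noise. On real data the baseline should be a sizeable corpus of clean documents, and a hit should be checked for prevalence before it is treated as an actor fingerprint; an exact hash will also miss an image the actor recompressed, so a perceptual hash is the usual next step for media parts.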
AI Integration
AI integration plays a central role in VirusTotal's new approach. A script uses the VirusTotal API to download Office documents and isolate their embedded images; Google's Gemini model then produces a description of each image, which helps analysts spot lure documents without opening every sample. This automated triage reduces the manual effort in the threat detection process. VirusTotal also showed that the same techniques apply to PDF and email files, where they can uncover phishing campaigns and other malicious activity.
Key Inferences
• Early-stage analysis of embedded files and images can reveal threat actor patterns.
• AI tools like Gemini streamline the identification of suspicious documents.
• Reuse of specific XML and image files links multiple threats to single actors.
VirusTotal's methods are a valuable addition to traditional threat hunting techniques. By focusing on the initial phases of the kill chain and using AI for triage, the platform enables more proactive threat detection, and analysts can identify and respond to threats sooner, potentially before attacks escalate. Because the artifacts and their hashes are shareable, the approach also supports collaborative threat intelligence across the community.