VirusTotal's MISP modules get a fresh upgrade




blog.virustotal.com

TL;DR: We upgraded the VirusTotal MISP modules and added cool new relationships.

Historically, VirusTotal has provided integration with MISP through two modules (corresponding to public and VT Enterprise subscriptions) created and maintained by the community. They are used to enrich indicators in the MISP platform and provide additional context for them. Additionally, we contributed a module to export MISP events to VTGraph and, more recently, a module that exports events to VTCollections.


The freshly upgraded modules (VirusTotal and VirusTotal Public) were migrated from the old API v2 to v3, which allowed us to improve the data returned per indicator, adding the detection ratio to IP addresses and domains. Moreover, we have added more relationships and attributes.

The following table summarizes the attributes provided by the freshly upgraded modules to enrich MISP events per type of indicator:

| MISP Module | File | URL | Domain | IP |
|---|---|---|---|---|
| VirusTotal | Detection ratio, md5, sha1, sha256, tlsh*, vhash*, ssdeep*, imphash*, ITW urls*, Communicating files*, Downloaded files*, Referrer files* | Detection ratio, Communicating files*, Downloaded files*, Referrer files*, Resolutions*, URLs* | Detection ratio*, Whois, Communicating files, Downloaded files, Referred files, Subdomains, Siblings, Resolutions, URLs* | Detection ratio*, ASN, Network, Country, Resolutions, URLs |
| VirusTotal Public | Detection ratio, tlsh*, vhash*, ssdeep*, imphash*, Communicating files*, Downloaded files*, Referrer files* | Detection ratio | Detection ratio*, Whois, Communicating files, Referred files, Subdomains, Siblings, Resolutions | Detection ratio*, ASN, Network, Country, Resolutions |

* new attributes and relationships available.
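To make the new IP and domain columns concrete, the following added example (not code from the VirusTotal or MISP modules) flattens API v3-shaped objects into the table's labels. The sample objects are constructed, and computing the ratio as malicious verdicts over all verdicts in `last_analysis_stats` is an assumption about how it is derived.

```python
# Constructed samples shaped like VirusTotal API v3 objects (not real lookups).
SAMPLE_IP = {"data": {"type": "ip_address", "id": "203.0.113.7", "attributes": {
    "asn": 64500, "network": "203.0.113.0/24", "country": "NL",
    "last_analysis_stats": {"harmless": 60, "malicious": 5, "suspicious": 2,
                            "undetected": 20, "timeout": 0}}}}
SAMPLE_DOMAIN = {"data": {"type": "domain", "id": "example.test", "attributes": {
    "whois": "Domain Name: EXAMPLE.TEST",
    "last_analysis_stats": {}}}}  # never analysed: no verdicts yet

# Table label -> v3 attribute name, per indicator type (subset of the table).
FIELDS = {
    "ip_address": (("ASN", "asn"), ("Network", "network"), ("Country", "country")),
    "domain": (("Whois", "whois"),),
}

def detection_ratio(stats):
    """Return 'malicious/total' from last_analysis_stats, or None if empty."""
    total = sum(stats.values())
    if total == 0:
        return None  # avoid reporting a misleading "0/0"
    return f"{stats.get('malicious', 0)}/{total}"

def enrich(report):
    """Flatten one v3 object into (label, value) pairs for an analyst."""
    data = report["data"]
    attrs = data.get("attributes", {})
    pairs = []
    ratio = detection_ratio(attrs.get("last_analysis_stats") or {})
    if ratio is not None:
        pairs.append(("Detection ratio", ratio))
    for label, key in FIELDS.get(data["type"], ()):
        value = attrs.get(key)
        if value not in (None, ""):
            pairs.append((label, str(value)))
    return pairs

if __name__ == "__main__":
    for sample in (SAMPLE_IP, SAMPLE_DOMAIN):
        print(sample["data"]["id"], enrich(sample))
```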

Keep in mind that none of these VirusTotal modules is activated in MISP by default, so please ask your friendly MISP administrator to check them out! Stay tuned for more VirusTotal contributions to the Threat Intel ecosystem and, as usual, please let us know how we can further help.

Happy Hunting!