VirusTotal Reviews

We usually use it to explore and monitor malicious campaigns and other such activities. We use the IOCs and YARA rules to implement and monitor attacks, and to detect any suspicious or malicious activities. 

We also analyze files privately with VirusTotal's private scanning feature, without sharing them with anyone. 

We have been using other platforms as well, but we feel that VirusTotal adds more value to our services, especially since I mostly deal with retail and FinTech. 

For retail and FinTech, VirusTotal is mandatory, and we have to be more productive with our website and applications.

So, VirusTotal is a great online service that helps marketers and business people analyze suspicious files, and detect malware and malicious content using antivirus engines and site scanners.

I like the entire functionality, the entire ecosystem and architecture of malware and virus detection is impressive. There are four points:

1. VirusTotal is capable of detecting, blocking, and removing viruses and malware.
2. It can identify threats and block phishing attempts. This is a great area that I have not explored yet, but I am looking forward to it. Perhaps the tools will be updated in the next release to address this. This is one grey area.
3. It can scan the dark web and find if an email ID has been compromised. This is another area that we have not explored yet.
4. It helps businesses collect threat data while keeping privacy in mind.
5. I have worked with VirusTotal because it easily integrates with over 70 antivirus scanners and blacklisting services. In addition to those, I think there is much scope to improve and add other services or integrations.

As I work in an incident response role, my daily task is to mitigate the security alert and perform the analysis part. When any alerts come, I check the IPs from where they originate and the location. If any URLs or domains are involved, I check when those domains were created. I also check what the final URL of a redirected URL is. All these tasks are performed using VirusTotal.

VirusTotal makes our analysis easy. By providing scores and details, we can determine how malicious or genuine a site, IP, or anything else is. This helps streamline the process.

My main use cases have been to check whether the files are malicious or appear to be malicious and whether they are recognized based on the signature generated after scanning them. 

Additionally, I use it to determine if a file has been seen before, particularly when detecting leaks of possible proprietary files. The ability to see what sites are related to a certain file or program is also valuable for uncovering previously unknown connections.

The feature I like the most is the ability to see the MD5 or SHA-256 signature of the file, and also the composition of the file according to its segments. This allows me to compare versions of programs and determine if there are any major differences that could indicate a trojan or another threat. 

Additionally, the hash sharing feature is quite useful in understanding if others have encountered a specific file before.

I am working in GRC, and sometimes VirusTotal is just a tool. We mostly use VirusTotal for pinging suspicious IP addresses. Whenever there is a suspicious IP, we put it inside VirusTotal for further details. We use it to get details about IP originations or when we need to check IPs, URLs, or hashes for their legitimacy.

Having VirusTotal helps the organization mitigate risks, maintain control over breaches, and verify suspicious activity more effectively.

Using VirusTotal is my responsibility in my current job. I have been utilizing it for security intelligence purposes.

It is developed by Google, which means its search algorithm and efficiency are higher than other tools. It is quite simple for anyone if they just want to check some suspicious URLs.

I primarily use VirusTotal for investigations and final analysis in security operations processes, specifically for file inspection to check hashes before opening files, to ensure they are not malware. I also employ it for URL service checks and analyzing links, particularly in case they are part of a phishing campaign. 

Additionally, I utilize it for obtaining information about product intelligence and other security cases, especially those related to IP addressing.

VirusTotal has been very useful in terms of correlating integrators of compromise with what already exists within the resources. This has helped in improving security incident response time, making the correlation between known threats and existing data more efficient.

I use VirusTotal for hash file analysis with sandboxing and mostly for URLs, particularly phishing attempts. I typically use it to check for possible malicious activity that might be associated with URLs and their websites.

The most valuable feature is the ability to analyze uploaded files, especially relatively large files like one hundred MB to two hundred MB. VirusTotal can analyze these files with different sandboxes and malware analysis engines. 

Additionally, it provides detailed insights into possible malicious behavior, dropped files, and TCP connections.

There are a lot of different use cases. For example, for research on malware or phishing websites, we can use VirusTotal to check if a file is malicious or a website is phishing. 

In my personal work, I also use the VirusTotal API to collect information to build a platform. We integrate VirusTotal in other productions.

For detection, we only care about the detection result. However, in another use case, we care more about the behavior, such as malicious behavior when doing some deep research. 

For different use cases, we focus on different features.