Pinned Tweet
Emiliano Martinez
161 posts

Emiliano Martinez retweeted

#MonthOfVTSearch is live!
GUI searches are quota-free all month for VirusTotal customers.
Day 1: Hunting Gamaredon-related document activity.
Follow along. One search per day. Try it, pivot, and share your results.




Emiliano Martinez retweeted

We’re thrilled to share our new collab with @huggingface, check out how we’re teaming up to boost AI safety and threat intel
blog.virustotal.com/2025/10/huggin…


@bawitdaba3 This is my personal take but I just want VirusTotal. The Mandiant acquisition and merge by Google has resulted in things I never wanted or needed but am being forced to pay for. :(

@jfslowik @DrunkBinary @virustotal @snlyngaas @Bing_Chris Please check your quota and future consumption.

@DrunkBinary @virustotal @snlyngaas @Bing_Chris Ah that explains why my retrohunt quota got tanked less than a week into September....

This is some straight up bullshit that @virustotal is pulling, it's expensive as hell to go up in tiers of service, talk about some shady business practices. @snlyngaas @Bing_Chris y'all gonna reach out to ask them why they are pulling a Microsoft business practices here?
安坂星海 Azaka || VTuber @AzakaSekai_
#VirusTotal just got back to us confirming that #Retrohunt quota is now counted on a per rule basis instead of per job WITHOUT ANY UPDATE OR NOTICES TO ITS CUSTOMERS. This is insane. #threatintel #infosec

@AzakaSekai_ @DrunkBinary @jfslowik @virustotal @snlyngaas @Bing_Chris Please check your quota and future consumption.

@DrunkBinary @jfslowik @virustotal @snlyngaas @Bing_Chris Unfortunately no, a direct quote from them we got was "Previously, our policy allowed customers to use unlimited YARA rules per job. However, now this is limited by the number of rules."

@philofishal @virustotal Please check your quota and future consumption.

@juanandres_gs Please check your quota and future consumption.

@cyb3rops @M_haggis @_josehelps @mattnotmax Sounds good, ping me via email and let's set it up. Now, let's also tag them and document them (references in comments) in VT itself.

@M_haggis @_josehelps @mattnotmax @zenitrame: We're hashing out the idea of a VT Enterprise harvest to get a list of hashes for these drivers. I guess it would require a few hundred or a thousand search queries to generate an insanely useful DB of vuln drivers for the community
Could we get access to do that?

With lots of help from @_josehelps and @mattnotmax, I present a sneak peek of the LOLDrivers Project -
Ability to search, access resources, hashes, CSV and json downloads as well.
Coming soon. We're that much closer to a one stop driver shop.




We welcome @Mandiant's CAPA and GoReSym to our malware analysis suite. CAPA provides valuable TTPs, and GoReSym produces all kinds of metadata to analyse GO samples:
blog.virustotal.com/2023/01/mandia…


@ali_alwashali @virustotal Any columns other than the displayed ones that you would add?

Hi @virustotal
Could you please add all columns (detections AS, and country code) in the exported CSV from the collection page, currently CSV contains only the IPs which is not really helping a lot.


@malearnity @daniel_gf3 deployed a fix. Section names lead to a UnicodeDecodeError and our PE analysis tool failed to process and produce a vhash for similarity pivoting. It should now be OK.

@malearnity It is a PE, we should have indeed produced a vhash, let me look into it, keep you posted.

Any idea why VirusTotal cannot hash some feature vectors? Is it bc they can't parse the binary, or the hashing module actually fails to create a hash from the feature vector, or something else :-)? (see below) #VirusTotal



@pmsandstad @ChicagoCyber No, no plans. VT is about sharing threat context to improve world-wide defenses against them by empowering those that can take action (sec teams, vendors, etc.). On-prem goes against the mission of increasing world-wide visibility.

@ChicagoCyber This is being misunderstood. Private scanning will not be a replacement for standard VT. It does not include AV scans but rather the rest of in-house static and dynamic analysis that we have. It is only for unknown files that you would not upload to VT, gives investigative leads.

@kafkaesqu3 Soon it will, stay tuned. It is planned for rollout in Q4.

does anyone know why Virustotal retrohunt does not support VT yara module? #blueteam #ThreatIntel


@_tallison @yvesmaurer @virustotal We offer free quota to accommodate net new file uploads. virustotal.com/gui/contact-us go down the technical support route.

@runasand @virustotal What can we improve to help you catch the goose?


@ali_alwashali @cyb3rops @malshiekh @virustotal It has always been free but only visible to registered users. This is because displaying those insights to average non-technical users can make VT very cryptic. Users that register predominantly come from the industry and higher chances they'll understand.

@cyb3rops @malshiekh @virustotal Yes, free to view the sigma rules of already uploaded samples, screenshot above is from my community account.

I just found out that @virustotal provides SIGMA rules matching behavior of uploaded malware, this is awesome.


Hey @virustotal, your sandboxes aren’t doing well capturing msdt execution due to an interstitial. See:
virustotal.com/gui/file/fc6a9…
Consequently, my YARA rule with “cmd contains ‘msdt.exe’” within “vt.behaviour.command_executions” never fires. Can you help please?
#Follina #msdt
City of London, London 🇬🇧


