1. Home
  2. Mapping Frameworks
  3. GCP Home
  4. Virus Total Capability Group

GCP Virus Total Capability Group

All Mappings

Capability ID Capability Description Category Value ATT&CK ID ATT&CK Name Notes
virus_total Virus Total protect significant T1566 Phishing
Comments
VirusTotal, now part of Google Cloud, provides threat context and reputation data to help analyze suspicious files, URLs, domains, and IP addresses to detect cybersecurity threats. This control can help mitigate adversaries that try to send malware via emails using malicious links or attachments. The malware-scanner service scans the uploaded document for malware. If the document is infected, the service moves it to a quarantined bucket; otherwise the document is moved into another bucket that holds uninfected scanned documents.
References
  1. https://cloud.google.com/architecture/automating-malware-scanning-for-documents-uploaded-to-cloud-storage
  2. https://cloud.google.com/chronicle/docs/investigation/view-virustotal-information
  3. https://assets.virustotal.com/vt-360-outcomes.pdf
virus_total Virus Total protect partial T1566.001 Spearphishing Attachment
Comments
VirusTotal, now part of Google Cloud, provides threat context and reputation data to help analyze suspicious files, URLs, domains, and IP addresses to detect cybersecurity threats.
References
  1. https://cloud.google.com/architecture/automating-malware-scanning-for-documents-uploaded-to-cloud-storage
  2. https://cloud.google.com/chronicle/docs/investigation/view-virustotal-information
  3. https://assets.virustotal.com/vt-360-outcomes.pdf
virus_total Virus Total protect significant T1059 Command and Scripting Interpreter
Comments
VirusTotal, now part of Google Cloud, provides threat context and reputation data to help analyze suspicious files, URLs, domains, and IP addresses to detect cybersecurity threats.
References
  1. https://cloud.google.com/architecture/automating-malware-scanning-for-documents-uploaded-to-cloud-storage
  2. https://cloud.google.com/chronicle/docs/investigation/view-virustotal-information
  3. https://assets.virustotal.com/vt-360-outcomes.pdf
virus_total Virus Total protect significant T1598.003 Spearphishing Link
Comments
Adversaries may send spearphishing messages with a malicious link to elicit sensitive information that can be used during targeting. VirusTotal Graph is a visualization tool built on top of the VirusTotal data set. It analyzes the relationship between files, URLs, domains, IP addresses, and other items encountered.
References
  1. https://cloud.google.com/architecture/automating-malware-scanning-for-documents-uploaded-to-cloud-storage
  2. https://cloud.google.com/chronicle/docs/investigation/view-virustotal-information
  3. https://assets.virustotal.com/vt-360-outcomes.pdf
virus_total Virus Total protect significant T1566.002 Spearphishing Link
Comments
VirusTotal, now part of Google Cloud, provides threat context and reputation data to help analyze suspicious files, URLs, domains, and IP addresses to detect cybersecurity threats. This control can help mitigate adversaries sending malware through spearphishing emails. The malware-scanner service scans the uploaded document for malware. If the document is infected, the service moves it to a quarantined bucket; otherwise the document is moved into another bucket that holds uninfected scanned documents.
References
  1. https://cloud.google.com/architecture/automating-malware-scanning-for-documents-uploaded-to-cloud-storage
  2. https://cloud.google.com/chronicle/docs/investigation/view-virustotal-information
  3. https://assets.virustotal.com/vt-360-outcomes.pdf

Capabilities

Capability ID Capability Name Number of Mappings
virus_total Virus Total 5