GCP virus_total Mappings

VirusTotal analyzes suspicious files, domains, IPs and URLs to detect malware and other breaches, and automatically shares them with the security community. It's a web-based scanner that utilizes over 70 antivirus scanners and URL/blacklisting services, among other tools, to extract signals from uploaded content.

Mappings

Capability ID | Capability Description | Category | Value | ATT&CK ID | ATT&CK Name | Notes
virus_total | Virus Total | protect | significant | T1566 | Phishing |
Comments
VirusTotal, now part of Google Cloud, provides threat context and reputation data to help analyze suspicious files, URLs, domains, and IP addresses to detect cybersecurity threats. This control can help mitigate adversaries that try to send malware via emails using malicious links or attachments. The malware-scanner service scans the uploaded document for malware. If the document is infected, the service moves it to a quarantined bucket; otherwise the document is moved into another bucket that holds uninfected scanned documents.
virus_total | Virus Total | protect | partial | T1566.001 | Spearphishing Attachment |
Comments
VirusTotal, now part of Google Cloud, provides threat context and reputation data to help analyze suspicious files, URLs, domains, and IP addresses to detect cybersecurity threats.
virus_total | Virus Total | protect | significant | T1059 | Command and Scripting Interpreter |
Comments
VirusTotal, now part of Google Cloud, provides threat context and reputation data to help analyze suspicious files, URLs, domains, and IP addresses to detect cybersecurity threats.
virus_total | Virus Total | protect | significant | T1598.003 | Spearphishing Link |
Comments
Adversaries may send spearphishing messages with a malicious link to elicit sensitive information that can be used during targeting. VirusTotal Graph is a visualization tool built on top of the VirusTotal data set. It analyzes the relationship between files, URLs, domains, IP addresses, and other items encountered.
virus_total | Virus Total | protect | significant | T1566.002 | Spearphishing Link |
Comments
VirusTotal, now part of Google Cloud, provides threat context and reputation data to help analyze suspicious files, URLs, domains, and IP addresses to detect cybersecurity threats. This control can help mitigate adversaries sending malware through spearphishing emails. The malware-scanner service scans the uploaded document for malware. If the document is infected, the service moves it to a quarantined bucket; otherwise the document is moved into another bucket that holds uninfected scanned documents.