Security Experts:

Connect with us

Hi, what are you looking for?


Malware & Threats

VirusTotal Launches Visualization Tool

VirusTotal this week announced the availability of a visualization tool designed to help with malware investigations. 

VirusTotal this week announced the availability of a visualization tool designed to help with malware investigations. 

Dubbed VirusTotal Graph, the new tool is available at or through a public report in the tool section (which requires a VirusTotal login). 

The tool should make it easier for investigators who are working with multiple reports at the same time, attempting to pivot between multiple data points (files, URLs, domains and IP addresses), as such work would normally result in having multiple tabs opened, which could complicate operations. 

“VirusTotal receives a large number of files and URLs every day, and each of them is analyzed by AVs and other tools and sandboxes to extract information about them. This information is critical for our ecosystem, as it connects the dots and makes clear the connections between entities,” VirusTotal notes

Built on top of VirusTotal’s data set, the new tool was designed to “understand the relationship between files, URLs, domains and IP addresses” and to bring the necessary information on these five entity types (relationships are included) together on a single interface, thus making it easier to navigate. 

Some of the features available for users include a search box (it even supports multiple indicators of compromise, via a Multi-entity search section), node summary section (summarizes the more relevant information), node expansion section (to correlate information from more than one entity), node action menu, detection dropdown (shows the number of AV detections), and node list (shows the list of all nodes in the panel). 

The  key elements of the VirusTotal Graph user interface will provide investigators not only with the most relevant information at a glance when clicking on a node, but also with the option to explore and expand each of the nodes in their graph, and build a network and observe connections across samples. Zooming in or out on a graph is also possible. 

VirusTotal also allows users to save the graphs so they can access them at any time, as well as to share their findings with other users (generating permalinks to the graph is also possible). VirusTotal makes all saved graphs public and also linked in VirusTotal public reports of files, URLs, IP addresses or domains that appear in the graph. 

Furthermore, with the help of VirusTotal Public or VirusTotal Intelligence report, users will be able to add labels and access in-depth reports.

“We feel the community will benefit from this intelligence. We understand that there are scenarios where a higher degree of privacy is needed, and we are working on a solution — expect to see some news around it soon,” VirusTotal concludes. 

Additional information on the new tool is available on VirusTotal’s support page and in two YouTube videos providing tutorials on Files and Domains

Related: VirusTotal Policy Change Rocks Anti-Malware Industry

Written By

Ionut Arghire is an international correspondent for SecurityWeek.

Click to comment

Expert Insights

Related Content

Malware & Threats

Microsoft plans to improve the protection of Office users by blocking XLL add-ins from the internet.


CISA, NSA, and MS-ISAC issued an alert on the malicious use of RMM software to steal money from bank accounts.


A recently disclosed vBulletin vulnerability, which had a zero-day status for roughly two days last week, was exploited in a hacker attack targeting the...


Chinese threat actor DragonSpark has been using the SparkRAT open source backdoor in attacks targeting East Asian organizations.


Russia-linked cyberespionage group APT29 has been observed using embassy-themed lures and the GraphicalNeutrino malware in recent attacks.

Malware & Threats

Security researchers are warning of a new wave of malicious NPM and PyPI packages designed to steal user information and download additional payloads.


No one combatting cybercrime knows everything, but everyone in the battle has some intelligence to contribute to the larger knowledge base.

Malware & Threats

Cybercrime in 2017 was a tumultuous year "full of twists and turns", with new (but old) infection methods, a major return to social engineering,...