The VirusTotal Module

You need a paid VirusTotal subscription to use this module.

The VirusTotal Module monitors your YARA rules for you and alerts you to any new hits. Just fill in your API key and Liberty91 will do the rest. Note that Liberty91 will consume a maximum of 2,976 API calls per month.

Find your API key by going to https://www.virustotal.com/, then click on your username in the top right of the screen and select API key in the drop-down menu.

Click on API-key

You will be able to see your API key usage here. Your actual key is blurred, but you can unblur it by clicking on the eye icon. You don't actually need to, though: just click on the 'copy' icon next to the eye icon, and the key will be copied to your clipboard.

Next, go to https://platform.liberty91.com/modules and select the VirusTotal Module from the Collection Modules.

For this module to work effectively, create YARA rules in the VirusTotal platform and let Liberty91 do the monitoring for you. To automatically link events to entities in the threat library, the rule name should include the title or an alias of that threat entity. For example, if ‘APT34’ is mentioned in the rule name, the event will automatically be linked to the appropriate threat actor. You can find more information about creating YARA rules in VirusTotal HERE.
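A pre-upload check for the naming convention described above, as an added example that is not Liberty91 or VirusTotal code: it extracts rule names from YARA source and reports which rules would link to a threat entity. Assumptions: "rule name" means the YARA rule identifier, matching is a case-insensitive substring test, and the threat library and ruleset below are constructed samples.

```python
import re

# Constructed sample threat library: entity title -> aliases (hypothetical layout).
THREAT_LIBRARY = {
    "APT34": ["OilRig", "Helix Kitten"],
    "Lazarus Group": ["Hidden Cobra"],
}

# Constructed sample LiveHunt ruleset.
SAMPLE_RULES = r'''
rule APT34_Constructed_Loader { condition: false }
private rule helper_pe_check { condition: uint16(0) == 0x5A4D }
rule oilrig_dns_tunnel : livehunt { condition: false }
global rule HiddenCobra_Dropper { condition: false }
rule suspicious_macro_generic { condition: false }
'''

# A rule declaration: optional private/global modifiers, then the identifier.
# Limitation: a line starting with "rule" inside a block comment also matches.
RULE_DECL = re.compile(
    r"^\s*(?:(?:private|global)\s+)*rule\s+([A-Za-z_]\w*)", re.M | re.A)

def rule_names(yara_source):
    return RULE_DECL.findall(yara_source)

def squash(text):
    # YARA identifiers cannot contain spaces, so "Hidden Cobra" can only
    # appear in a rule name with its separators removed or replaced.
    return re.sub(r"[^a-z0-9]", "", text.lower())

def link_status(rule_name, library):
    """Return (entity, how); how is 'verbatim', 'normalized' or None."""
    fallback = (None, None)
    for entity, aliases in library.items():
        for label in [entity, *aliases]:
            if label.lower() in rule_name.lower():
                return entity, "verbatim"
            if fallback[0] is None and squash(label) in squash(rule_name):
                fallback = (entity, "normalized")
    return fallback

def audit(yara_source, library):
    return {n: link_status(n, library) for n in rule_names(yara_source)}

if __name__ == "__main__":
    for name, (entity, how) in audit(SAMPLE_RULES, THREAT_LIBRARY).items():
        print(f"{name:30} -> {entity or 'NO LINK'} ({how or 'rename rule'})")
```

A "normalized" result means the alias only matches after separators are stripped; whether the platform links such names is not stated on this page, so confirm with a test rule or use a single-word alias.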

Now any future hits on any of your LiveHunts will be imported as an event into Liberty91.

If you also want to import Threat Intelligence reports (recommended!), please use the Google Threat Intelligence Module.
