VirusTotal graphs about malware

[Xyl2k]

Hey there, i've been playing with VirusTotal graph since some weeks.
Originally i did a graph just for building a landscape of files for ATM Wall, the graph can be seen here: https://www.virustotal.com/graph/embed/g9521270d163a4778aa5bc376c0d80375b11f2d95beee484498dbdaafc989ee5f
I got the idea of doing this after having seen the work of @vanjasvajcer about ATM malware classification.

But i started to got vicious with VT graph so here is some interesting graphs i did based with VT and kernelmode.info:

• Zeus World (v2.1.0.1 and inferior): https://www.virustotal.com/graph/embed/gf17a46025f554bc4a4d0edaff78d4aabee6388c959584ac8981961ae32af6994
  Big nebula of zeus builders since code leak of v2.0.8.9, contain also few very old builders and some have funny messages inside destined to AV vendors.
  
• IceIX World (v1.2.5 and v1.2.6): https://www.virustotal.com/graph/embed/g3e3dfb66d191404593284509fbf9028c5253ee1651ee4da9b24225bf262634bf
• Citadel World (v1.3.4.5 and v1.3.5.1): https://www.virustotal.com/graph/embed/g1d0637aa096e45b2b1336844fe81e1e286a588fa049a4d529357c0a1d2f1646d
• Atmos World (v1.01): https://www.virustotal.com/graph/embed/ga7f70bed1f6f4394b4b503b5dcee997c66251a48418b4b3fba03119d3196389e
  Builders, releases, fews files.
  
• SpyEye World: https://www.virustotal.com/graph/embed/g98d5440408854a90b8e5fce2bd4003b40a7295519d5c4e0abe39a470a9fcadb5
  Research about plugins are based on the spyeye thread on kernelmode.info, contain a nice timeline of the versioning and most of interesting files i guess.
  
• Carberp 'krabs.7z': https://www.virustotal.com/graph/embed/gd6210da59ece445f8e0469a7408a4905126fa5722cdb4b759330e073a29e7429
  Files annotation based on kernelmode.info thread again (https://www.kernelmode.info/forum/viewtopic.php?f=16&t=2793), chaos mosaic at the image of the archive.
  
• BestAV affiliate: https://www.virustotal.com/graph/embed/g0741bdd40e4b4bc7a4c77e8240de0667f2ea89df4124484b87717ad081f741aa
  Lot of FakeAV files found with communicating IPs, graph based also on fews posts on kernelmode and also from my personal archive about thoses guys

And not related to malware but you can do also funny things:
Looking for an ollydbg modification ? https://www.virustotal.com/graph/embed/gd11e600f461c476082159553dadde7ac102288cd74df42d38f84291e97f2263a
You have lost your SoftIce CD ? https://www.virustotal.com/graph/embed/g7534bcb28a2a439a8d466f69542374127b54265b605c4589adbf97191a1b0467
a small landscape about dongle piracy https://www.virustotal.com/graph/embed/g035609ac24c94751ae94aef309b6599010d8ccd1549f49f3b8ef7e20febd3f9f

[Xyl2k]

virustotal at my door

and a small graph about a mbr ransom generator, lot of samples, few itw urls.
https://www.virustotal.com/graph/embed/g1eff513400894f7c8930f6e4200093ecd13d231f1d204b8e84e6c8c89481e2bb

[Xyl2k]

It's been a while, here is some new graph related to zbot (warning, they are heavy)

Zbot graph: https://www.virustotal.com/graph/embed/gf288663e9d4245c7b8384b9ab36b64f41b58a7df62a145e3ad643bfe140ffb02 (4k nodes)
With some additional details related to Microsoft citadel sinkhole operation.

CCAM (atmos monitoring): https://www.virustotal.com/graph/embed/g5edbfcddab834a59a105964ffdc24492b03a6a5ab4824cca96949cd0d9a3395b
With some details about in the wild locations.