Hi hi! So, this is another cheat sheet for security analysts and researchers who often rely on OSINT (Open Source Intelligence) tools to investigate malware samples and gather actionable insights about potential threats. These tools provide information on malware samples, network communications, domain and IP reputation, and related indicators of compromise (IOCs). This guide will help you get more out of them for your threat intelligence needs.
Color Guide:

| Color | Description |
|---|---|
| 🟢 | Yes, it can do that! OR Yes, it has the feature! |
| 🔴 | No, it cannot do that! OR No, it doesn't have the feature! |
| 🟡 | Depends on user/subscription level |
Note: The list and guidance might contain errors due to my mistakes or oversights. Please double-check everything yourself and feel free to provide feedback! :D
Malware Sample
| Tool | File Hash | Upload | Detection | File Path | File Names | Similarity | Download | Cmd Line | Details | String/Int | Bytes | Relation | Behavior | Network | YARA | New | PCAP | Mem Dump | S-box | MultiAV | Src Code |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| VirusTotal | 🟢 | 🟢 | 🟢 | 🟢 | 🟢 | 🟢 | 🟡 | 🟢 | 🟢 | 🟢 | 🟢 | 🟢 | 🟢 | 🟢 | 🟢 | 🟢 | 🟢 | 🟢 | 🟢 | 🟢 | 🔴 |
| Threatbook | 🟢 | 🟢 | 🟢 | 🟢 | 🟢 | 🔴 | 🟡 | 🟢 | 🟢 | 🔴 | 🔴 | 🟢 | 🟢 | 🟢 | 🔴 | 🔴 | 🟢 | 🟢 | 🔴 | 🟢 | 🔴 |
| Tri.age | 🟢 | 🟢 | 🟢 | 🟢 | 🟢 | 🔴 | 🟢 | 🟢 | 🟢 | 🟢 | 🔴 | 🟢 | 🟢 | 🟢 | 🔴 | 🔴 | 🟢 | 🟢 | 🟢 | 🟢 | 🔴 |
| Any.Run | 🟢 | 🟢 | 🟢 | 🟢 | 🟢 | 🔴 | 🟢 | 🟢 | 🟢 | 🟢 | 🟢 | 🟢 | 🟢 | 🟢 | 🔴 | 🔴 | 🟢 | 🟢 | 🟢 | 🔴 | 🔴 |
| HybridAnalysis | 🟢 | 🟢 | 🟢 | 🟢 | 🟢 | 🔴 | 🟡 | 🟢 | 🟢 | 🟢 | 🟢 | 🔴 | 🟢 | 🟢 | 🟢 | 🔴 | 🟢 | 🟢 | 🟢 | 🟢 | 🔴 |
| Joe Sandbox | 🟢 | 🟢 | 🟢 | 🟢 | 🟢 | 🔴 | 🔴 | 🟢 | 🟢 | 🟢 | 🟢 | 🟢 | 🟢 | 🟢 | 🔴 | 🔴 | 🟢 | 🟢 | 🟢 | 🟢 | 🔴 |
| OpenTIP | 🟢 | 🟢 | 🟢 | 🟡 | 🟢 | 🔴 | 🔴 | 🟡 | 🟢 | 🟡 | 🔴 | 🔴 | 🟢 | 🟢 | 🔴 | 🔴 | 🟢 | 🟢 | 🟢 | 🔴 | 🔴 |
| Filescan | 🟢 | 🟢 | 🟢 | 🟢 | 🟢 | 🔴 | 🔴 | 🟢 | 🟢 | 🔴 | 🔴 | 🔴 | 🟢 | 🟢 | 🔴 | 🔴 | 🔴 | 🔴 | 🟢 | 🟢 | 🔴 |
| Jotti | 🟢 | 🟢 | 🟢 | 🟢 | 🟢 | 🔴 | 🔴 | 🔴 | 🔴 | 🔴 | 🔴 | 🔴 | 🔴 | 🔴 | 🔴 | 🔴 | 🔴 | 🔴 | 🔴 | 🟢 | 🔴 |
| AlienVault | 🟢 | 🔴 | 🟢 | 🔴 | 🔴 | 🔴 | 🔴 | 🔴 | 🔴 | 🔴 | 🔴 | 🟢 | 🔴 | 🔴 | 🔴 | 🔴 | 🔴 | 🔴 | 🔴 | 🟢 | 🔴 |
| ThreatFox | 🟢 | 🔴 | 🟢 | 🔴 | 🔴 | 🔴 | 🔴 | 🔴 | 🔴 | 🔴 | 🔴 | 🔴 | 🔴 | 🔴 | 🔴 | 🔴 | 🔴 | 🔴 | 🔴 | 🔴 | 🔴 |
| Talos Intel | 🟢 | 🔴 | 🟢 | 🔴 | 🔴 | 🔴 | 🔴 | 🔴 | 🔴 | 🔴 | 🔴 | 🔴 | 🔴 | 🔴 | 🔴 | 🔴 | 🔴 | 🔴 | 🔴 | 🔴 | 🔴 |
| X-Force | 🟢 | 🔴 | 🟢 | 🔴 | 🔴 | 🔴 | 🔴 | 🔴 | 🔴 | 🔴 | 🔴 | 🔴 | 🔴 | 🟢 | 🔴 | 🔴 | 🔴 | 🔴 | 🔴 | 🔴 | 🔴 |
| Malshare | 🟢 | 🟢 | 🔴 | 🔴 | 🔴 | 🔴 | 🟢 | 🔴 | 🔴 | 🔴 | 🔴 | 🔴 | 🔴 | 🔴 | 🟢 | 🔴 | 🔴 | 🔴 | 🟢 | 🟢 | 🔴 |
| ThreatMiner | 🟢 | 🔴 | 🔴 | 🔴 | 🔴 | 🔴 | 🔴 | 🔴 | 🔴 | 🔴 | 🔴 | 🔴 | 🔴 | 🟢 | 🔴 | 🔴 | 🔴 | 🔴 | 🔴 | 🔴 | 🔴 |
| Qianxin | 🟢 | 🔴 | 🟢 | 🔴 | 🔴 | 🔴 | 🔴 | 🟢 | 🟢 | 🟢 | 🟢 | 🟢 | 🟢 | 🟢 | 🟢 | 🔴 | 🟢 | 🟢 | 🔴 | 🟢 | 🔴 |
| GH Search or grep.app | 🟢 | 🔴 | 🔴 | 🔴 | 🔴 | 🔴 | 🔴 | 🔴 | 🔴 | 🟢 | 🔴 | 🔴 | 🔴 | 🔴 | 🔴 | 🔴 | 🔴 | 🔴 | 🔴 | 🔴 | 🟢 |
| Google / X | 🟢 | 🔴 | 🔴 | 🟢 | 🟢 | 🔴 | 🔴 | 🟢 | 🔴 | 🟢 | 🔴 | 🔴 | 🔴 | 🔴 | 🔴 | 🔴 | 🔴 | 🔴 | 🔴 | 🔴 | 🟢 |
| MalwareBazaar | 🟢 | 🟢 | 🟢 | 🔴 | 🔴 | 🔴 | 🔴 | 🔴 | 🔴 | 🔴 | 🔴 | 🔴 | 🔴 | 🔴 | 🟢 | 🔴 | 🔴 | 🔴 | 🔴 | 🔴 | 🔴 |
| VX | 🟢 | 🔴 | 🔴 | 🔴 | 🔴 | 🔴 | 🟢 | 🔴 | 🔴 | 🔴 | 🔴 | 🔴 | 🔴 | 🔴 | 🔴 | 🔴 | 🔴 | 🔴 | 🔴 | 🔴 | 🔴 |
| Wayback | 🟢 | 🔴 | 🔴 | 🔴 | 🔴 | 🔴 | 🟢 | 🔴 | 🔴 | 🟢 | 🔴 | 🔴 | 🔴 | 🔴 | 🔴 | 🔴 | 🔴 | 🔴 | 🔴 | 🔴 | 🟢 |
Network: Domain, IP, Cert
Email Data
Enrichment / Ransomware