Threat Investigation using OSINT Online Tools

Hi hi! So, this is another cheat sheet for security analysts and researchers which often rely on OSINT (Open Source Intelligence) tools to investigate malware samples and gather actionable insights about potential threats. These tools provide information on malware samples, network communications, domain and IP reputation, as well as any related indicators of compromise (IOCs). This guide will help you to get more information for your threat intelligence needs.

Color Guide:

Color	Description
🟢	Yes, it can do that! OR Yes, it has the feature!
🔴	No, it cannot do that! OR No, it doesn’t have the feature!
🟡	Depends on user/subscription level

Note: The list and guidance might contain errors due to my mistakes or oversights. Please double-check everything yourself and feel free to provide feedback! :D

Malware Sample

Tool	File Hash	Upload	Detection	File Path	File Names	Similarity	Download	Cmd Line	Details	String/Int	Bytes	Relation	Behavior	Network	YARA	New	PCAP	Mem Dump	S’box	MultiAV	Src Code
VirusTotal	🟢	🟢	🟢	🟢	🟢	🟢	🟡	🟢	🟢	🟢	🟢	🟢	🟢	🟢	🟢	🟢	🟢	🟢	🟢	🟢	🔴
Threatbook	🟢	🟢	🟢	🟢	🟢	🔴	🟡	🟢	🟢	🔴	🔴	🟢	🟢	🟢	🔴	🔴	🟢	🟢	🔴	🟢	🔴
Tri.age	🟢	🟢	🟢	🟢	🟢	🔴	🟢	🟢	🟢	🟢	🔴	🟢	🟢	🟢	🔴	🔴	🟢	🟢	🟢	🟢	🔴
Any.Run	🟢	🟢	🟢	🟢	🟢	🔴	🟢	🟢	🟢	🟢	🟢	🟢	🟢	🟢	🔴	🔴	🟢	🟢	🟢	🔴	🔴
HybridAnalysis	🟢	🟢	🟢	🟢	🟢	🔴	🟡	🟢	🟢	🟢	🟢	🔴	🟢	🟢	🟢	🔴	🟢	🟢	🟢	🟢	🔴
Joe Sandbox	🟢	🟢	🟢	🟢	🟢	🔴	🔴	🟢	🟢	🟢	🟢	🟢	🟢	🟢	🔴	🔴	🟢	🟢	🟢	🟢	🔴
OpenTIP	🟢	🟢	🟢	🟡	🟢	🔴	🔴	🟡	🟢	🟡	🔴	🔴	🟢	🟢	🔴	🔴	🟢	🟢	🟢	🔴	🔴
Filescan	🟢	🟢	🟢	🟢	🟢	🔴	🔴	🟢	🟢	🔴	🔴	🔴	🟢	🟢	🔴	🔴	🔴	🔴	🟢	🟢	🔴
Jotti	🟢	🟢	🟢	🟢	🟢	🔴	🔴	🔴	🔴	🔴	🔴	🔴	🔴	🔴	🔴	🔴	🔴	🔴	🔴	🟢	🔴
AlienVault	🟢	🔴	🟢	🔴	🔴	🔴	🔴	🔴	🔴	🔴	🔴	🟢	🔴	🔴	🔴	🔴	🔴	🔴	🔴	🟢	🔴
ThreatFox	🟢	🔴	🟢	🔴	🔴	🔴	🔴	🔴	🔴	🔴	🔴	🔴	🔴	🔴	🔴	🔴	🔴	🔴	🔴	🔴	🔴
Talos Intel	🟢	🔴	🟢	🔴	🔴	🔴	🔴	🔴	🔴	🔴	🔴	🔴	🔴	🔴	🔴	🔴	🔴	🔴	🔴	🔴	🔴
X-Force	🟢	🔴	🟢	🔴	🔴	🔴	🔴	🔴	🔴	🔴	🔴	🔴	🔴	🟢	🔴	🔴	🔴	🔴	🔴	🔴	🔴
Malshare	🟢	🟢	🔴	🔴	🔴	🔴	🟢	🔴	🔴	🔴	🔴	🔴	🔴	🔴	🟢	🔴	🔴	🔴	🟢	🟢	🔴
ThreatMiner	🟢	🔴	🔴	🔴	🔴	🔴	🔴	🔴	🔴	🔴	🔴	🔴	🔴	🟢	🔴	🔴	🔴	🔴	🔴	🔴	🔴
Qianxin	🟢	🔴	🟢	🔴	🔴	🔴	🔴	🟢	🟢	🟢	🟢	🟢	🟢	🟢	🟢	🔴	🟢	🟢	🔴	🟢	🔴
GH Search or grep.app	🟢	🔴	🔴	🔴	🔴	🔴	🔴	🔴	🔴	🟢	🔴	🔴	🔴	🔴	🔴	🔴	🔴	🔴	🔴	🔴	🟢
Google / X	🟢	🔴	🔴	🟢	🟢	🔴	🔴	🟢	🔴	🟢	🔴	🔴	🔴	🔴	🔴	🔴	🔴	🔴	🔴	🔴	🟢
MalwareBazaar	🟢	🟢	🟢	🔴	🔴	🔴	🔴	🔴	🔴	🔴	🔴	🔴	🔴	🔴	🟢	🔴	🔴	🔴	🔴	🔴	🔴
VX	🟢	🔴	🔴	🔴	🔴	🔴	🟢	🔴	🔴	🔴	🔴	🔴	🔴	🔴	🔴	🔴	🔴	🔴	🔴	🔴	🔴
Wayback	🟢	🔴	🔴	🔴	🔴	🔴	🟢	🔴	🔴	🟢	🔴	🔴	🔴	🔴	🔴	🔴	🔴	🔴	🔴	🔴	🟢

Network: Domain, IP, Cert

Tool	Whois	IP	DNS	URLs	Certs	C2 Hunting
VirusTotal	🟢	🟢	🟢	🟢	🟢	🟢
Threatbook	🟢	🟢	🟢	🟢	🔴	🔴
OpenTIP	🟢	🟢	🟢	🟢	🔴	🔴
Tri.age	🔴	🔴	🔴	🟢	🔴	🔴
Any.Run	🔴	🟢	🟢	🟢	🔴	🔴
HybridAnalysis	🔴	🟢	🟢	🟢	🔴	🔴
Joe Sandbox	🔴	🟢	🟢	🟢	🔴	🔴
Filescan	🔴	🟢	🟢	🟢	🔴	🔴
AlienVault	🔴	🟢	🟢	🔴	🔴	🔴
ThreatFox	🔴	🟢	🟢	🟢	🔴	🔴
Talos Intel	🟢	🟢	🟢	🔴	🔴	🔴
X-Force	🔴	🟢	🟢	🟢	🔴	🔴
Pulsedive	🔴	🟢	🟢	🔴	🟢	🔴
ThreatMiner	🔴	🟢	🟢	🟢	🔴	🔴
Qianxin	🔴	🟢	🟢	🟢	🟢	🔴
Google / X	🔴	🟢	🟢	🟢	🔴	🔴
Censys	🔴	🟢	🟢	🟢	🟢	🟢
Shodan	🔴	🟢	🟢	🟢	🟢	🟢
FOFA	🔴	🟢	🟢	🔴	🟢	🟢
Validin	🟢	🟢	🟢	🔴	🟢	🟢
DNSlytics	🟢	🟢	🟢	🔴	🔴	🔴
RiskIQ	🟢	🟢	🟢	🔴	🟢	🔴
Driftnet	🟢	🟢	🟢	🟢	🟢	🔴
SilentPush	🟢	🟢	🟢	🟢	🔴	🔴
BinaryEdge	🔴	🟢	🔴	🔴	🔴	🟢
Hunt.io	🔴	🟢	🔴	🔴	🔴	🟢
ZoomEye	🔴	🟢	🟢	🔴	🟢	🔴
crt.sh	🔴	🔴	🟢	🔴	🟢	🔴
GreyNoise	🔴	🟢	🔴	🔴	🔴	🔴
URLScan	🔴	🔴	🔴	🟢	🔴	🔴
Wayback Machine	🔴	🔴	🔴	🟢	🔴	🔴
URLHaus	🔴	🔴	🔴	🟢	🔴	🔴
Criminal IP	🔴	🟢	🟢	🔴	🔴	🔴
APIVoid	🔴	🟢	🔴	🔴	🔴	🔴
SSLBlacklist	🔴	🔴	🔴	🔴	🟢	🔴
FeodoTracker	🔴	🟢	🔴	🔴	🔴	🔴
DNSDumpster	🔴	🔴	🟢	🔴	🔴	🔴
AbuseIPDB	🔴	🟢	🔴	🔴	🔴	🔴
Gordon	🔴	🟢	🟢	🔴	🔴	🔴

Email Data

Tool	Email Sender	Email Object	Email Header
Google Toolbox	🔴	🔴	🟢
thatsthem	🟢	🔴	🔴
Qianxin	🟢	🔴	🔴
OSINT Industries	🟢	🔴	🔴

Enrichment / Ransomware

Tool	Data Leak	Ransomware	Stealer	Credential
Twitter	🟢	🟢	🟢	🟢
Ransomwatch	🔴	🟢	🔴	🔴
RansomLook	🔴	🟢	🔴	🔴
Ransom-db	🔴	🟢	🔴	🔴
Ransomware.live	🔴	🟢	🔴	🔴

PREVIOUSDive into PEB Walk in Malware Analysis