Cheatsheet: Enrich Threat Information via OSINT tools

Hi hi! So, this is another cheat sheet, this time for security analysts and researchers who rely on OSINT (Open Source Intelligence) tools to investigate malware samples and turn them into actionable insight about a threat. These tools give you information on the sample itself, on its network communications, on domain and IP reputation, and on any related indicators of compromise (IOCs). The tables below show what kind of information each tool gives you (🟢 supported, 🟡 partial or limited, 🔴 not supported), so you can pick the right source for your threat intelligence needs. One caveat before you start: look the file hash up first and only upload the sample itself when you are allowed to share it, because anything submitted to a public platform becomes visible to the platform's other users.

Malware Sample

| Tool | File Hash | Upload | Detection | File Path | File Names | Similarity | Download | Command Line | Details | String/Int | Bytes | Relations | Behavior | Network | YARA | New | PCAP | Memory Dump | Sandbox | Multi-AV | Source Code |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| VirusTotal | 🟢 | 🟢 | 🟢 | 🟢 | 🟢 | 🟢 | 🟡 | 🟢 | 🟢 | 🟢 | 🟢 | 🟢 | 🟢 | 🟢 | 🟢 | 🟢 | 🟢 | 🟢 | 🟢 | 🟢 | 🔴 |
| Threatbook | 🟢 | 🟢 | 🟢 | 🟢 | 🟢 | 🔴 | 🟡 | 🟢 | 🟢 | 🔴 | 🔴 | 🟢 | 🟢 | 🟢 | 🔴 | 🔴 | 🟢 | 🟢 | 🔴 | 🟢 | 🔴 |
| Triage (tria.ge) | 🟢 | 🟢 | 🟢 | 🟢 | 🟢 | 🔴 | 🟢 | 🟢 | 🟢 | 🟢 | 🔴 | 🟢 | 🟢 | 🟢 | 🔴 | 🔴 | 🟢 | 🟢 | 🟢 | 🟢 | 🔴 |
| Any.Run | 🟢 | 🟢 | 🟢 | 🟢 | 🟢 | 🔴 | 🟢 | 🟢 | 🟢 | 🟢 | 🟢 | 🟢 | 🟢 | 🟢 | 🔴 | 🔴 | 🟢 | 🟢 | 🟢 | 🔴 | 🔴 |
| Hybrid Analysis | 🟢 | 🟢 | 🟢 | 🟢 | 🟢 | 🔴 | 🟡 | 🟢 | 🟢 | 🟢 | 🟢 | 🔴 | 🟢 | 🟢 | 🟢 | 🔴 | 🟢 | 🟢 | 🟢 | 🟢 | 🔴 |
| Joe Sandbox | 🟢 | 🟢 | 🟢 | 🟢 | 🟢 | 🔴 | 🔴 | 🟢 | 🟢 | 🟢 | 🟢 | 🟢 | 🟢 | 🟢 | 🔴 | 🔴 | 🟢 | 🟢 | 🟢 | 🟢 | 🔴 |
| OpenTIP | 🟢 | 🟢 | 🟢 | 🟡 | 🟢 | 🔴 | 🔴 | 🟡 | 🟢 | 🟡 | 🔴 | 🔴 | 🟢 | 🟢 | 🔴 | 🔴 | 🟢 | 🟢 | 🟢 | 🔴 | 🔴 |
| Filescan | 🟢 | 🟢 | 🟢 | 🟢 | 🟢 | 🔴 | 🔴 | 🟢 | 🟢 | 🔴 | 🔴 | 🔴 | 🟢 | 🟢 | 🔴 | 🔴 | 🔴 | 🔴 | 🟢 | 🟢 | 🔴 |
| Jotti | 🟢 | 🟢 | 🟢 | 🟢 | 🟢 | 🔴 | 🔴 | 🔴 | 🔴 | 🔴 | 🔴 | 🔴 | 🔴 | 🔴 | 🔴 | 🔴 | 🔴 | 🔴 | 🔴 | 🟢 | 🔴 |
| AlienVault | 🟢 | 🔴 | 🟢 | 🔴 | 🔴 | 🔴 | 🔴 | 🔴 | 🔴 | 🔴 | 🔴 | 🟢 | 🔴 | 🔴 | 🔴 | 🔴 | 🔴 | 🔴 | 🔴 | 🟢 | 🔴 |
| ThreatFox | 🟢 | 🔴 | 🟢 | 🔴 | 🔴 | 🔴 | 🔴 | 🔴 | 🔴 | 🔴 | 🔴 | 🔴 | 🔴 | 🔴 | 🔴 | 🔴 | 🔴 | 🔴 | 🔴 | 🔴 | 🔴 |
| Talos Intel | 🟢 | 🔴 | 🟢 | 🔴 | 🔴 | 🔴 | 🔴 | 🔴 | 🔴 | 🔴 | 🔴 | 🔴 | 🔴 | 🔴 | 🔴 | 🔴 | 🔴 | 🔴 | 🔴 | 🔴 | 🔴 |
| X-Force | 🟢 | 🔴 | 🟢 | 🔴 | 🔴 | 🔴 | 🔴 | 🔴 | 🔴 | 🔴 | 🔴 | 🔴 | 🔴 | 🟢 | 🔴 | 🔴 | 🔴 | 🔴 | 🔴 | 🔴 | 🔴 |
| Malshare | 🟢 | 🟢 | 🔴 | 🔴 | 🔴 | 🔴 | 🟢 | 🔴 | 🔴 | 🔴 | 🔴 | 🔴 | 🔴 | 🔴 | 🟢 | 🔴 | 🔴 | 🔴 | 🟢 | 🟢 | 🔴 |
| ThreatMiner | 🟢 | 🔴 | 🔴 | 🔴 | 🔴 | 🔴 | 🔴 | 🔴 | 🔴 | 🔴 | 🔴 | 🔴 | 🔴 | 🟢 | 🔴 | 🔴 | 🔴 | 🔴 | 🔴 | 🔴 | 🔴 |
| Qianxin | 🟢 | 🔴 | 🟢 | 🔴 | 🔴 | 🔴 | 🔴 | 🟢 | 🟢 | 🟢 | 🟢 | 🟢 | 🟢 | 🟢 | 🟢 | 🔴 | 🟢 | 🟢 | 🔴 | 🟢 | 🔴 |
| GitHub Search / grep.app | 🟢 | 🔴 | 🔴 | 🔴 | 🔴 | 🔴 | 🔴 | 🔴 | 🔴 | 🟢 | 🔴 | 🔴 | 🔴 | 🔴 | 🔴 | 🔴 | 🔴 | 🔴 | 🔴 | 🔴 | 🟢 |
| Google / X | 🟢 | 🔴 | 🔴 | 🟢 | 🟢 | 🔴 | 🔴 | 🟢 | 🔴 | 🟢 | 🔴 | 🔴 | 🔴 | 🔴 | 🔴 | 🔴 | 🔴 | 🔴 | 🔴 | 🔴 | 🟢 |
| MalwareBazaar | 🟢 | 🟢 | 🟢 | 🔴 | 🔴 | 🔴 | 🔴 | 🔴 | 🔴 | 🔴 | 🔴 | 🔴 | 🔴 | 🔴 | 🟢 | 🔴 | 🔴 | 🔴 | 🔴 | 🔴 | 🔴 |
| VX (vx-underground) | 🟢 | 🔴 | 🔴 | 🔴 | 🔴 | 🔴 | 🟢 | 🔴 | 🔴 | 🔴 | 🔴 | 🔴 | 🔴 | 🔴 | 🔴 | 🔴 | 🔴 | 🔴 | 🔴 | 🔴 | 🔴 |
| Wayback Machine | 🟢 | 🔴 | 🔴 | 🔴 | 🔴 | 🔴 | 🟢 | 🔴 | 🔴 | 🟢 | 🔴 | 🔴 | 🔴 | 🔴 | 🔴 | 🔴 | 🔴 | 🔴 | 🔴 | 🔴 | 🟢 |

Network: Domain, IP, Cert

| Tool | Whois | IP | DNS | URLs | Certificates | C2 Hunting |
|---|---|---|---|---|---|---|
| VirusTotal | 🟢 | 🟢 | 🟢 | 🟢 | 🟢 | 🟢 |
| Threatbook | 🟢 | 🟢 | 🟢 | 🟢 | 🔴 | 🔴 |
| OpenTIP | 🟢 | 🟢 | 🟢 | 🟢 | 🔴 | 🔴 |
| Triage (tria.ge) | 🔴 | 🔴 | 🔴 | 🟢 | 🔴 | 🔴 |
| Any.Run | 🔴 | 🟢 | 🟢 | 🟢 | 🔴 | 🔴 |
| Hybrid Analysis | 🔴 | 🟢 | 🟢 | 🟢 | 🔴 | 🔴 |
| Joe Sandbox | 🔴 | 🟢 | 🟢 | 🟢 | 🔴 | 🔴 |
| Filescan | 🔴 | 🟢 | 🟢 | 🟢 | 🔴 | 🔴 |
| AlienVault | 🔴 | 🟢 | 🟢 | 🔴 | 🔴 | 🔴 |
| ThreatFox | 🔴 | 🟢 | 🟢 | 🟢 | 🔴 | 🔴 |
| Talos Intel | 🟢 | 🟢 | 🟢 | 🔴 | 🔴 | 🔴 |
| X-Force | 🔴 | 🟢 | 🟢 | 🟢 | 🔴 | 🔴 |
| Pulsedive | 🔴 | 🟢 | 🟢 | 🔴 | 🟢 | 🔴 |
| ThreatMiner | 🔴 | 🟢 | 🟢 | 🟢 | 🔴 | 🔴 |
| Qianxin | 🔴 | 🟢 | 🟢 | 🟢 | 🟢 | 🔴 |
| Google / X | 🔴 | 🟢 | 🟢 | 🟢 | 🔴 | 🔴 |
| Censys | 🔴 | 🟢 | 🟢 | 🟢 | 🟢 | 🟢 |
| Shodan | 🔴 | 🟢 | 🟢 | 🟢 | 🟢 | 🟢 |
| FOFA | 🔴 | 🟢 | 🟢 | 🔴 | 🟢 | 🟢 |
| Validin | 🟢 | 🟢 | 🟢 | 🔴 | 🟢 | 🟢 |
| DNSlytics | 🟢 | 🟢 | 🟢 | 🔴 | 🔴 | 🔴 |
| RiskIQ | 🟢 | 🟢 | 🟢 | 🔴 | 🟢 | 🔴 |
| Driftnet | 🟢 | 🟢 | 🟢 | 🟢 | 🟢 | 🔴 |
| Silent Push | 🟢 | 🟢 | 🟢 | 🟢 | 🔴 | 🔴 |
| BinaryEdge | 🔴 | 🟢 | 🔴 | 🔴 | 🔴 | 🟢 |
| Hunt.io | 🔴 | 🟢 | 🔴 | 🔴 | 🔴 | 🟢 |
| ZoomEye | 🔴 | 🟢 | 🟢 | 🔴 | 🟢 | 🔴 |
| crt.sh | 🔴 | 🔴 | 🟢 | 🔴 | 🟢 | 🔴 |
| GreyNoise | 🔴 | 🟢 | 🔴 | 🔴 | 🔴 | 🔴 |
| urlscan.io | 🔴 | 🔴 | 🔴 | 🟢 | 🔴 | 🔴 |
| Wayback Machine | 🔴 | 🔴 | 🔴 | 🟢 | 🔴 | 🔴 |
| URLhaus | 🔴 | 🔴 | 🔴 | 🟢 | 🔴 | 🔴 |
| Criminal IP | 🔴 | 🟢 | 🟢 | 🔴 | 🔴 | 🔴 |
| APIVoid | 🔴 | 🟢 | 🔴 | 🔴 | 🔴 | 🔴 |
| SSL Blacklist | 🔴 | 🔴 | 🔴 | 🔴 | 🟢 | 🔴 |
| Feodo Tracker | 🔴 | 🟢 | 🔴 | 🔴 | 🔴 | 🔴 |
| DNSDumpster | 🔴 | 🔴 | 🟢 | 🔴 | 🔴 | 🔴 |
| AbuseIPDB | 🔴 | 🟢 | 🔴 | 🔴 | 🔴 | 🔴 |
| Gordon | 🔴 | 🟢 | 🟢 | 🔴 | 🔴 | 🔴 |
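Most of the tools in the two tables above expose an API, so the repetitive part of enrichment (refang the IOC, work out what type it is, ask the sources that apply, line their answers up) is worth scripting. The Python below is an added example written for this cheat sheet; it is not code from the original page or from any of the vendors. It uses the VirusTotal v3, abuse.ch MalwareBazaar/ThreatFox and AbuseIPDB v2 endpoints and response fields as I know them from the vendors' published docs (check them against the current docs before relying on them); the environment variable names VT_API_KEY, ABUSECH_API_KEY and ABUSEIPDB_API_KEY are my own choice, and the sample responses at the bottom are constructed so that the script runs offline:

```python
"""IOC enrichment helper for the sources in the tables above (added example, not the page's code).
Endpoints and fields follow the vendors' published APIs (VirusTotal v3, abuse.ch MalwareBazaar and
ThreatFox, AbuseIPDB v2) as I know them; env var names are my choice; SAMPLE_RESPONSES are constructed."""
import base64, ipaddress, json, os, re, urllib.request

HASH_RE = re.compile(r"^(?:[0-9a-f]{32}|[0-9a-f]{40}|[0-9a-f]{64})$", re.I)
DOMAIN_RE = re.compile(r"^(?=.{1,253}$)(?:[a-z0-9-]{1,63}\.)+[a-z]{2,63}$", re.I)
VT = "https://www.virustotal.com/api/v3/"

def refang(ioc: str) -> str:
    """Undo the usual defanging (hxxp, [.] (.) {.} [dot], [at], [:]) so the value can be sent to an API."""
    s = re.sub(r"^hxxp", "http", ioc.strip(), flags=re.I)
    s = re.sub(r"[\[({](?:\.|dot)[\])}]", ".", s, flags=re.I)
    return re.sub(r"\[(?:at|@)\]", "@", s, flags=re.I).replace("[:]", ":")

def classify(ioc: str) -> str:
    """md5 | sha1 | sha256 | ip | url | domain | unknown, decided on the refanged value."""
    s = refang(ioc)
    if HASH_RE.match(s):
        return {32: "md5", 40: "sha1", 64: "sha256"}[len(s)]
    try:
        ipaddress.ip_address(s)
        return "ip"
    except ValueError:
        pass
    if re.match(r"https?://", s, re.I):
        return "url"
    return "domain" if DOMAIN_RE.match(s) else "unknown"

def build_requests(ioc: str) -> list:
    """Pick the sources that apply to this IOC type and describe the exact HTTP call each one needs."""
    s, kind = refang(ioc), classify(ioc)
    ch_key = os.environ.get("ABUSECH_API_KEY", "")  # abuse.ch APIs require an Auth-Key header

    def vt(path):  # VirusTotal v3 object lookup
        return {"source": "VirusTotal", "method": "GET", "url": VT + path,
                "headers": {"x-apikey": os.environ.get("VT_API_KEY", "")}}

    threatfox = {"source": "ThreatFox", "method": "POST", "url": "https://threatfox-api.abuse.ch/api/v1/",
                 "headers": {"Auth-Key": ch_key, "Content-Type": "application/json"},
                 "data": json.dumps({"query": "search_ioc", "search_term": s}).encode()}
    if kind in ("md5", "sha1", "sha256"):
        bazaar = {"source": "MalwareBazaar", "method": "POST", "url": "https://mb-api.abuse.ch/api/v1/",
                  "headers": {"Auth-Key": ch_key}, "data": ("query=get_info&hash=" + s).encode()}
        return [vt("files/" + s), bazaar, threatfox]
    if kind == "ip":
        abuseipdb = {"source": "AbuseIPDB", "method": "GET", "headers": {"Key": os.environ.get("ABUSEIPDB_API_KEY", "")},
                     "url": "https://api.abuseipdb.com/api/v2/check?maxAgeInDays=90&ipAddress=" + s}
        return [vt("ip_addresses/" + s), abuseipdb, threatfox]
    if kind == "domain":
        return [vt("domains/" + s), threatfox]
    if kind == "url":  # VT identifies a URL by the unpadded urlsafe-base64 of the URL itself
        return [vt("urls/" + base64.urlsafe_b64encode(s.encode()).decode().rstrip("=")), threatfox]
    return []

def normalise(source: str, body: dict) -> dict:
    """Collapse one vendor's JSON into {source, verdict, detail} so answers from different tools line up."""
    if source == "VirusTotal":
        stats = body.get("data", {}).get("attributes", {}).get("last_analysis_stats", {})
        bad, sus = stats.get("malicious", 0), stats.get("suspicious", 0)
        verdict = "malicious" if bad else "suspicious" if sus else "clean" if stats else "unknown"
        return {"source": source, "verdict": verdict,
                "detail": f"{bad} malicious / {sus} suspicious of {sum(stats.values())} engines"}
    if source in ("MalwareBazaar", "ThreatFox"):  # listed on abuse.ch == known bad; a miss proves nothing
        if body.get("query_status") != "ok" or not body.get("data"):
            return {"source": source, "verdict": "unknown", "detail": body.get("query_status", "")}
        hit = body["data"][0]
        name = hit.get("signature") or hit.get("malware_printable") or hit.get("malware") or "unnamed"
        return {"source": source, "verdict": "malicious", "detail": f"{name} tags={','.join(hit.get('tags') or [])}"}
    if source == "AbuseIPDB":
        d = body.get("data", {})
        score = d.get("abuseConfidenceScore", 0)
        verdict = "malicious" if score >= 75 else "suspicious" if score > 0 else "clean"
        return {"source": source, "verdict": verdict, "detail": f"confidence={score} reports={d.get('totalReports', 0)}"}
    return {"source": source, "verdict": "unknown", "detail": "no parser for this source"}

def fetch_json(req: dict) -> dict:
    """Live HTTP call for one request built above (needs API keys and network access)."""
    r = urllib.request.Request(req["url"], data=req.get("data"), method=req["method"],
                               headers={"Accept": "application/json", **req["headers"]})
    with urllib.request.urlopen(r, timeout=20) as resp:
        return json.loads(resp.read())

def enrich(ioc: str, fetch=fetch_json) -> list:
    """Query every applicable source; `fetch` is injectable so the pipeline can be replayed offline."""
    results = []
    for req in build_requests(ioc):
        try:
            results.append(normalise(req["source"], fetch(req)))
        except Exception as exc:  # one dead or rate-limited source must not kill the whole enrichment
            results.append({"source": req["source"], "verdict": "error", "detail": str(exc)})
    return results

SAMPLE_RESPONSES = {  # constructed responses shaped like the real APIs (not real lookups)
    "VirusTotal": {"data": {"attributes": {"last_analysis_stats": {"malicious": 41, "suspicious": 2, "undetected": 20, "harmless": 0}}}},
    "MalwareBazaar": {"query_status": "ok", "data": [{"signature": "AgentTesla", "tags": ["exe", "AgentTesla"]}]},
    "ThreatFox": {"query_status": "no_result"},
    "AbuseIPDB": {"data": {"abuseConfidenceScore": 100, "totalReports": 57}},
}

def offline_fetch(req: dict) -> dict:
    return SAMPLE_RESPONSES[req["source"]]

if __name__ == "__main__":
    for ioc in ("00112233445566778899aabbccddeeff", "hxxp://evil[.]example/x.exe", "198.51.100.7"):
        print(ioc, "->", classify(ioc), enrich(ioc, fetch=offline_fetch))
```

Run it as-is to see the offline walk-through; call enrich(ioc) without the fetch argument to query the live APIs with your keys. Two design choices matter here: the fetch function is injected so you can replay saved JSON and unit-test the parsing without burning API quota, and a listing on abuse.ch is treated as malicious while a miss is only "unknown", because absence from a curated feed proves nothing about a sample.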

Ransomware

| Tool | Data Leak | Ransomware | Stealer | Credential |
|---|---|---|---|---|
| Twitter / X | 🟢 | 🟢 | 🟢 | 🟢 |
| Ransomwatch | 🔴 | 🟢 | 🔴 | 🔴 |
| RansomLook | 🔴 | 🟢 | 🔴 | 🔴 |
| Ransom-db | 🔴 | 🟢 | 🔴 | 🔴 |
| Ransomware.live | 🔴 | 🟢 | 🔴 | 🔴 |

Email Data

| Tool | Email Sender | Email Object | Email Header |
|---|---|---|---|
| Google Toolbox | 🔴 | 🔴 | 🟢 |
| thatsthem | 🟢 | 🔴 | 🔴 |
| Qianxin | 🟢 | 🔴 | 🔴 |
| OSINT Industries | 🟢 | 🔴 | 🔴 |
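Before pasting a header block into an online analyser (the Google Toolbox row above), it is worth running the same checks locally: that keeps victim addresses and internal hostnames off a third-party site, and it makes explicit which headers you can actually trust. The Python below is an added example written for this cheat sheet, not code from the original page or from any tool listed here. The header block is a constructed phishing-style sample using documentation domain names, and mx.victim.example stands in for your own inbound mail server:

```python
"""Local email-header triage (added example, not code from the original cheat sheet).
RAW_HEADERS is a constructed phishing-style sample using documentation domain names;
MY_MX is the assumed name of your own inbound mail server."""
import re
from email import message_from_string
from email.utils import parseaddr

MY_MX = "mx.victim.example"
RAW_HEADERS = """\
Received: from mail.example.net (mail.example.net [203.0.113.5])
        by mx.victim.example (Postfix) with ESMTPS id ABC123
        for <alice@victim.example>; Tue, 5 Mar 2024 09:12:44 +0000
Received: from [198.51.100.23] (unknown [198.51.100.23])
        by mail.example.net (Postfix) with ESMTPA id DEF456;
        Tue, 5 Mar 2024 09:12:40 +0000
Authentication-Results: mx.victim.example;
        spf=softfail (sender IP is 203.0.113.5) smtp.mailfrom=example.net;
        dkim=none; dmarc=fail (p=reject) header.from=bank.example
Return-Path: <bounce@example.net>
From: "Bank Support" <support@bank.example>
Reply-To: support-desk@mail-example.co
To: alice@victim.example
Subject: Urgent: verify your account
Date: Tue, 5 Mar 2024 09:12:40 +0000
"""
IPV4_IN_BRACKETS = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")
AUTH_RESULT = re.compile(r"\b(spf|dkim|dmarc)=([a-z]+)", re.I)


def domain_of(header_value) -> str:
    """Domain of the first address in a From / Reply-To / Return-Path header, lower-cased ('' if absent)."""
    return parseaddr(header_value or "")[1].rpartition("@")[2].lower()


def analyse_headers(raw: str, my_mx: str = MY_MX) -> dict:
    """Hop chain, sender identities and auth results, plus the usual phishing tells as flags.
    Trust boundary: only the top Received line (written by my_mx) and the Authentication-Results
    stamped by my_mx are ours; every header below them came from the sender and can be forged."""
    msg = message_from_string(raw)
    hops = []  # each hop prepends its Received line, so reading bottom-up gives the earliest hop first
    for hdr in reversed(msg.get_all("Received") or []):
        m = IPV4_IN_BRACKETS.search(hdr)
        hops.append(m.group(1) if m else "?")
    auth, auth_trusted = {}, False
    for hdr in msg.get_all("Authentication-Results") or []:
        if hdr.split(";", 1)[0].strip().lower() == my_mx.lower():  # authserv-id must be our own MX
            auth = {k.lower(): v.lower() for k, v in AUTH_RESULT.findall(hdr)}
            auth_trusted = True
            break  # the first (top-most) one is what our MX added; a later one carrying our name is forged
    from_dom = domain_of(msg.get("From"))
    env_dom = domain_of(msg.get("Return-Path"))
    reply_dom = domain_of(msg.get("Reply-To"))
    flags = []
    if env_dom and env_dom != from_dom:
        flags.append("envelope sender domain differs from From")
    if reply_dom and reply_dom != from_dom:
        flags.append("Reply-To domain differs from From")
    if not auth_trusted:
        flags.append("no Authentication-Results from our own MX")
    flags += [f"{c}={auth.get(c, 'missing')}" for c in ("spf", "dkim", "dmarc") if auth.get(c) != "pass"]
    return {"origin_ip": hops[0] if hops else None, "hops": hops, "from_domain": from_dom,
            "envelope_domain": env_dom, "reply_to_domain": reply_dom,
            "auth": auth, "auth_trusted": auth_trusted, "flags": flags}


if __name__ == "__main__":
    for key, value in analyse_headers(RAW_HEADERS).items():
        print(f"{key:16} {value}")
```

The origin IP and the envelope domain are what you then feed into the IP and domain tools from the Network table. Keep the trust boundary in mind when reading the result: the sender can write any Received or Authentication-Results line it likes below the ones your MX added, which is why the function only believes the first Authentication-Results carrying your own authserv-id and ignores the rest.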