IntelOwl

IntelOwl copied to clipboard

[Analyzer] Knock

2

## Name Knock ## Link https://github.com/guelfoweb/knock ## Type of scanner observable: https://github.com/guelfoweb/knock#module ## Why should we use it It is a useful reconnaissance tool ## Possible implementation see: https://github.com/guelfoweb/knock#module

mlodic

## Name Droidlysis ## Link https://github.com/cryptax/droidlysis ## Type of analyzer docker analyzer, to be inserted in the malware_tools_analyzers container ## Why should we use it Static analysis of Android app...

mlodic

[Analyzer] DetectItEasy

1

## Name DetectItEasy ## Link https://github.com/horsicq/Detect-It-Easy ## Type of analyzer Docker analyzer to be integrated in the malware_analysis_tools container. Supports only executable files ## Why should we use it Very...

mlodic

[Analyzer] Abusix

1

## Name Abusix ## Link https://abusix.com/contact-db/ ## Type of analyzer observable -> IP address only. This could leverage some code already used for other DNS-based analyzers. Otherwise you could use...

mlodic

[Analyzer] CleanBrowsing DNS

2

## Name CleanBrowsing_DNS ## Link https://cleanbrowsing.org/filters/#step3 ## Type of analyzer like the other DNS services. They provide only DNS services with filter. For us it would be enough to connect...

mlodic

## Name UltraDNS ## Link https://www.publicdns.neustar/ ## Type of analyzer similar to the other DNS analyzers. If does filter some malicious domains so we should create 2 different analyzers based...

mlodic

[Analyzer] Greynoise Labs

10

## Name Greynoise_Labs ## Link https://www.greynoise.io/blog/labs-api-its-playtime ## Type of analyzer observable for IP only. It should extract the data from all the available queries that support IP addresses: * noiseRank...

mlodic

[Analyzer] UnpacMe analyzer for observables

1

## Name UnpacMe_Search ## Link https://www.unpac.me/search ## Type of analyzer observables -> for hashes (detect the hash and search for it), for domains/IP (via c2 query), ## Why should we...

mlodic

[Analyzer] Permhash

1

## Name Permhash ## Link https://www.mandiant.com/resources/blog/permhash-no-curls-necessary ## Type of analyzer file based ## Why should we use it it could be used for hunting purposes on apk and chrome extensions...

mlodic

[Analyzer] HFinger

2

## Name Hfinger ## Link https://github.com/CERT-Polska/hfinger ## Type of analyzer file analyzer, supports for PCAPs only ## Why should we use it It is a cool tool to create fingerprints...

mlodic