IntelOwl
IntelOwl: manage your Threat Intelligence at scale
## Name
Knock
## Link
https://github.com/guelfoweb/knock
## Type of scanner
observable: https://github.com/guelfoweb/knock#module
## Why should we use it
It is a useful reconnaissance tool
## Possible implementation
see: https://github.com/guelfoweb/knock#module

## Name
Droidlysis
## Link
https://github.com/cryptax/droidlysis
## Type of analyzer
docker analyzer, to be inserted in the malware_tools_analyzers container
## Why should we use it
Static analysis of Android app...

## Name
DetectItEasy
## Link
https://github.com/horsicq/Detect-It-Easy
## Type of analyzer
Docker analyzer to be integrated in the malware_analysis_tools container. Supports only executable files
## Why should we use it
Very...

## Name
Abusix
## Link
https://abusix.com/contact-db/
## Type of analyzer
observable -> IP address only. This could leverage some code already used for other DNS-based analyzers. Otherwise you could use...

## Name
CleanBrowsing_DNS
## Link
https://cleanbrowsing.org/filters/#step3
## Type of analyzer
like the other DNS services. They provide only DNS services with filter. For us it would be enough to connect...

## Name
UltraDNS
## Link
https://www.publicdns.neustar/
## Type of analyzer
similar to the other DNS analyzers. It does filter some malicious domains so we should create 2 different analyzers based...

## Name
Greynoise_Labs
## Link
https://www.greynoise.io/blog/labs-api-its-playtime
## Type of analyzer
observable for IP only. It should extract the data from all the available queries that support IP addresses: * noiseRank...

## Name
UnpacMe_Search
## Link
https://www.unpac.me/search
## Type of analyzer
observables -> for hashes (detect the hash and search for it), for domains/IP (via c2 query),
## Why should we...

## Name
Permhash
## Link
https://www.mandiant.com/resources/blog/permhash-no-curls-necessary
## Type of analyzer
file based
## Why should we use it
it could be used for hunting purposes on apk and chrome extensions...

## Name
Hfinger
## Link
https://github.com/CERT-Polska/hfinger
## Type of analyzer
file analyzer, supports PCAPs only
## Why should we use it
It is a cool tool to create fingerprints...