AlienVault OTX
create account to export IOCs
ThreatMiner - like OTX but smaller and not browseable
Malware Corpus tracker.h3x.eu
Dumps of sandbox data as csv. Takes requests
www.hybrid-analysis.com
malwr.com
camas.comodo.com
zeltser.com/automated-malware-analysis
IOC Trackers
www.webiron.com/abuse_feed can export to json
www.blueliv.com like OTX
cybertracker.malwarehunterteam.com
malwaredb.maleka.com
vxvault.net/ViriList.php
www.iocbucket.com
virusshare.com requires invite.
contagiodump.blogspot.com
postmodernsecurity.com/2015/09/11/malware-analysis-and-incident-response-tools-for-the-lazy/
PASSIVE DNS
OpenDNS Investigate
FREE versions
passivedns.mnemonic.no
www.bfk.de/bfk_dnslogger.html no API
PassiveTotal
VirusTotal
Circl.lu Luxembourg. Subject to approval
Passive Info Gathering
shodan.io
censys.io
Get whois data consistently
www.team-cymru.org/IP-ASN-mapping.html
www.shadowserver.org/wiki/pmwiki.php/Services/IP-BGP
File analysis
Use VT Intelligence - find similar-to's
Real-time and retroactive search for samples via yara
VT Intel + yara rules for RATs + BAMFDetect (pulls config from RATs) (github)
Seeking People OSINT
- Lullar.com
- Tineye
- yasni
- Namech_k
- alumni.net
- anywho
- zoominfo
- infabel
- tweepz
- intellgator
- radaris
- skipease
- usidentify
- pipl
- peekyou
- people-finders.ws
- peoplesmart
- searchsystems.net
- wink
- spokeo
- privateEye
- beenverified
- intelius
- mylife
- findermind
- lookupanyone
- Voter registration