Analyzing Indicators of Compromise!
Below are a series of hotlinks and short descriptions for resources for analyzing files, malware and other indicators of compromise (IOCs).
TotalHash– This site provides a static and dynamic analysis of malware samples that are inputted. (Cymru, T. (2016). IP TO ASN MAPPING. Retrieved December 26, 2016, from http://www.team-cymru.org/)
PhishEye – “PhishEye enables you to surface existing and new domains that spoof legitimate brand, product, organization, or other names so that you can carry out defensive or investigative actions against them”. (DomainTools. (2021). Retrieved June 23, 2021, from https://research.domaintools.com/phisheye/)
Port Scanner -Port Scanner is a tool that allows you to check you or someone else’s ports, and see if they are open, and what they are accountable for. (Free Web Proxy. (n.d.). Retrieved December 26, 2016, from https://incloak.com/)
HyBird Analysis – A malware analysis tool, and can take files that are either directly on your computer or online. This service uses a “Hybrid Analysis” technology to identify threats. (Payload Security. (n.d.). Retrieved December 26, 2016, from https://www.hybrid-analysis.com/)
Malware Don’t Need Coffee (MDNC) – A blog covering various malicious and phishing attacks, and tools that can be used to research such attacks. Discontinued in 2020 but remains up with all previous articles. (Malware don’t need Coffee. (n.d.). Retrieved June 23, 2021, from http://malware.dontneedcoffee.com/)
SuperTool – A tool used for searching IP, Domain, or Hostnames, and gives a wide variety of general information. The site also contains Lookup tools for many other types of information. (Network Tools: DNS,IP,Email. (n.d.). Retrieved December 26, 2016, from http://mxtoolbox.com/SuperTool.aspx)
Check IoC – A site that will scan a log file that you can upload, and will tell you if your network is infected with malware or a DNS changer. (ThreatStop. (n.d.). Retrieved June 23, 2021, from http://threatstop.com/)
VirusTotal – A highly regarded site that analyzes suspicious files or URL’s, and is able to detect and threats that they may contain. (VirusTotal – Free Online Virus, Malware and URL Scanner. (n.d.). Retrieved December 26, 2016, from https://www.virustotal.com/en/)
Zulu URL Risk Analyzer – A simple tool used for inspecting suspicious URL’s. (Zulu URL Risk Analyzer. (n.d.). Retrieved December 26, 2016, from http://zulu.zscaler.com/)
Network Tools – A tool used for finding information on IP addresses. The tool can search whois, ping, dns records, and network lookups. (Network Tools. (n.d.). Retrieved June 23, 2021, from http://network-tools.com/)
Exploit Database – ” The Exploit Database has two repositories hosted on GitHub. The main exploit database repository is updated daily and contains all of our exploit & shellcode entries sorted by platform, and the exploit database bin-sploits repository holds binary exploits and proofs of concept. ” (Search the Exploit Database. (n.d.). Retrieved December 26, 2016, from https://www.exploit-db.com/search/)