The Intel Owl consists of outsiders analysts that can perform operations to retrieve data from external sources (such as VirusTotal or AbuseIPDB) or to generate information from internal analysts (such as Yara or Oletools)
This solution is for anyone who needs a single program to request information about a specific file or something noteworthy (domain, IP, URL, hash).
Main characteristics:
- Full Django-python application
- Easily and fully customizable, both the API and its parsers
- Clone the project, adjust the configuration and you are ready to run it
Free indoor modules are available
- Static Document Analysis
- Static RTF Analysis
- Static analysis PDF
- Static PE Analysis
- Analysis of static general files
- PE signature verification
Free modules that require additional configuration
- Cuckoo (απαehί τουλάχιστον μία παρουσία Cuckoo που λειτουργεί)
- MISP (requires at least one working MISP presence)
- Yara (Neo23x0 and Intezer are already available. There is an opportunity to add your own rules)
Available external services
required api key or test api
- GreyNoise v2
required API key for paid or free
- VirusTotal v2 + v3
- Hybrid analysis
- Intezer
- Farsight DNS DB
- io - Hunting via email
- BRIDE
- io
- security trails
free api key required
- GoogleSafeBrowsing
- IPDB abuse
- Shodan
- HoneyDB
- AlienVault OTX
- MaxMind
- Auth0
required access request
- CIRCL PassiveDNS + PassiveSSL
without api key
- Fortiguard URL Analyzer
- GreyNoise Alpha API v1
- Talos Reputation
- Project Tor
- Robex
- Threatminer
- ch MalwareBazaar
- ch URLhaus
- Active DNS
Application snapshots
Information on installing and using the program, you will find here.
