Intel Owl is composed of analyzers that can be run to retrieve data from external sources (such as VirusTotal or AbuseIPDB) or to generate intelligence from internal analyzers (such as Yara or Oletools).
This solution is for anyone who needs a single point to query for information about a specific file or observable (domain, IP, URL, hash).
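The following is an added illustration, not Intel Owl's own code, of the two things a single query point like the one described above has to do: classify an incoming observable (IP, URL, hash or domain) and route it to the analyzers that accept that classification, skipping external analyzers whose API key is not configured. The analyzer names, the sample exit-node list and the configuration key `REPUTATION_API_KEY` are all constructed for the example.

```python
"""
Added example (not Intel Owl's own code): observable classification and a
small analyzer registry that separates key-less internal analyzers from
external ones that require an API key. All analyzers, sample data and the
configuration key names below are constructed for illustration.
"""
import ipaddress
import re
from dataclasses import dataclass
from typing import Callable, Dict, List, Optional, Set

# Hex-digest lengths of the hash algorithms accepted as observables.
HASH_LENGTHS = {32: "md5", 40: "sha1", 64: "sha256"}
_HEX = re.compile(r"^[0-9a-fA-F]+$")
_URL_SCHEME = re.compile(r"^[a-zA-Z][a-zA-Z0-9+.-]*://")
_DOMAIN = re.compile(
    r"^(?=.{1,253}$)(?:[a-zA-Z0-9](?:[a-zA-Z0-9-]{0,61}[a-zA-Z0-9])?\.)+[a-zA-Z]{2,63}$"
)


def classify_observable(value: str) -> str:
    """Return 'ip', 'url', 'hash', 'domain' or 'unknown' for a raw observable."""
    v = value.strip()
    try:
        ipaddress.ip_address(v)  # handles both IPv4 and IPv6 literals
        return "ip"
    except ValueError:
        pass
    if _URL_SCHEME.match(v):
        return "url"
    if len(v) in HASH_LENGTHS and _HEX.match(v):
        return "hash"
    if _DOMAIN.match(v):
        return "domain"
    return "unknown"


@dataclass
class Analyzer:
    name: str
    supports: Set[str]                 # observable classifications it accepts
    run: Callable[[str], dict]
    external: bool = False             # talks to a remote service
    api_key_setting: Optional[str] = None  # config key that must hold an API key


# --- constructed analyzers -------------------------------------------------

def hash_algorithm(value: str) -> dict:
    """Internal analyzer: report which algorithm produced the digest."""
    return {"algorithm": HASH_LENGTHS[len(value)], "normalized": value.lower()}


# Constructed sample standing in for a locally mirrored exit-node feed.
SAMPLE_EXIT_NODES = {"192.0.2.10", "198.51.100.7"}


def exit_node_check(value: str) -> dict:
    """Internal analyzer: look the IP up in the local sample list."""
    return {"is_exit_node": value in SAMPLE_EXIT_NODES}


def external_reputation(value: str) -> dict:
    """Hypothetical external analyzer; only reached when a key is configured.
    It deliberately fails here so the dispatcher's error isolation is visible."""
    raise RuntimeError("network lookups are out of scope for this example")


ANALYZERS: List[Analyzer] = [
    Analyzer("hash_algorithm", {"hash"}, hash_algorithm),
    Analyzer("exit_node_check", {"ip"}, exit_node_check),
    Analyzer("reputation_lookup", {"ip", "domain", "url", "hash"},
             external_reputation, external=True,
             api_key_setting="REPUTATION_API_KEY"),
]


def dispatch(observable: str, analyzers: List[Analyzer],
             config: Dict[str, str]) -> dict:
    """Classify the observable and run every matching analyzer.

    External analyzers without their API key are recorded under 'skipped';
    an analyzer that raises is recorded as an error without aborting the rest.
    """
    kind = classify_observable(observable)
    report = {"observable": observable, "classification": kind,
              "results": {}, "skipped": {}}
    if kind == "unknown":
        return report
    for a in analyzers:
        if kind not in a.supports:
            continue
        if a.external and a.api_key_setting and not config.get(a.api_key_setting):
            report["skipped"][a.name] = f"missing {a.api_key_setting}"
            continue
        try:
            report["results"][a.name] = a.run(observable)
        except Exception as exc:  # isolate one analyzer's failure
            report["results"][a.name] = {"error": str(exc)}
    return report


if __name__ == "__main__":
    print(dispatch("192.0.2.10", ANALYZERS, {}))
    print(dispatch("d41d8cd98f00b204e9800998ecf8427e", ANALYZERS,
                   {"REPUTATION_API_KEY": "constructed-key"}))
```

Classification is attempted in a fixed order (IP literal, then URL scheme, then hex digest, then domain) so that an input such as `8.8.8.8` is never mistaken for a domain; the dispatcher keeps a separate `skipped` map so a report makes clear which results are absent because of configuration rather than because an analyzer found nothing.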
Main characteristics:
- Full Django/Python application
- Easily and fully customizable, both the API and its analyzers
- Clone the project, adjust the configuration and you are ready to run it
Free internal modules available:
- Static Document Analysis
- Static RTF Analysis
- Static PDF Analysis
- Static PE Analysis
- Static Generic File Analysis
- PE Signature Verification
Free modules that require additional configuration:
- Cuckoo (requires at least one working Cuckoo instance)
- MISP (requires at least one working MISP instance)
- Yara (the Neo23x0 and Intezer rule sets are already available; you can add your own rules)
Available external services:
Requires a paid or trial API key:
- GreyNoise v2
Requires a paid or free API key:
- VirusTotal v2 + v3
- HybridAnalysis
- Intezer
- Farsight DNSDB
- Hunter.io (email hunting)
- ONYPHE
- Censys.io
- SecurityTrails
Requires a free API key:
- GoogleSafeBrowsing
- AbuseIPDB
- Shodan
- HoneyDB
- AlienVault OTX
- MaxMind
- Auth0
Requires an access request:
- CIRCL PassiveDNS + PassiveSSL
No API key required:
- Fortiguard URL Analyzer
- GreyNoise Alpha API v1
- Talos Reputation
- Tor Project
- Robtex
- Threatminer
- Abuse.ch MalwareBazaar
- Abuse.ch URLhaus
- Active DNS
Application screenshots
Information about installation and usage can be found here.