ThreatSTOP security analysts work around the clock to ensure our threat intelligence includes the most relevant and critical indicators of compromise (IOCs). Their analysis and research ensure ThreatSTOP blocks these IOCs and, by extension, protects customers from the vast spectrum of cyber threats and related infrastructure. We've asked our analysts to share their favorite free analysis tools for every step of the threat analysis journey, as well as tips and analysis use cases on infamous malware variants. You can view all this awesome info in our Open Source Analysis Tools Infographic, or below in our more extensive blog series.
VirusTotal is a great analysis platform for enriching data on IOCs and finding related malicious infrastructure. VT inspects IOCs with over 70 antivirus scanners and URL/domain blacklisting services. The platform offers a search engine for previously scanned items, as well as a number of URL and file submission methods, including the primary public web interface, desktop uploaders, browser extensions and a programmatic API.
In our opinion, VT's holy grail is its awesome VT Graph - a dynamic threat relations visualization, allowing users to view information about each entity, pivot over data points, edit the graph, and add new nodes. Users can also save their graphs and download the node list.
Check IOC is a security research tool that provides rich metadata, passive DNS and aggregated threat intelligence on IPs and domains. Check IOC also shows exclusive threat intelligence data provided by ThreatSTOP on over 24 million known malicious indicators from our database. Using Check IOC, you can search IPs and domains to vet their maliciousness, get more information on suspicious IOCs, or even upload your logs to see if threat actors are communicating with your network.
We are glad to announce that we have just launched a new and upgraded Check IOC tool! Features that were previously reserved for our Premium Portal and API users have now been added to the free version. The new Check IOC also sports an updated interface, smoother UX, and a more generous limit of 25 free lookups a day.
Wondering what our readers were most interested in over the past year? Wonder no more! We've rounded up our most read articles of the year to save you time. Wrapping up the worldwide roller coaster that was 2020, we wish we were feeling a little more nostalgic. Covid-19 came in like a tornado and changed up our daily lives as we knew them. The security industry, accordingly, also had to change mindsets and processes to adjust to a new, distributed-access-focused reality.
The Best, according to you:
Making connections and finding new indicators is an important part of IOC analysis, and is probably the most enjoyable part as well. Blog posts and reports on new threats will usually mention the indicators seen to be used by the specific malware sample or attack vector analyzed, yet in many cases there is a larger malicious infrastructure behind them just waiting to be uncovered (and blocked!). Sometimes, a whole other malicious infrastructure can be revealed by examining IOCs related to malicious IPs and domains. There are a variety of tools out there that can help analysts investigate indicators of compromise and their infrastructure, and perform enrichment to shed light on related, malicious IOCs.
In this post, we will review some of our Security Research Team’s favorite connection and enrichment platforms.