Threat Intelligence Tools | Everyone must know | virustotal | urlscan.io | PhishTool | URLhaus

Every day we hear about new cyber crimes. An attacker with bad intentions sends links, files or both to gain access to a user's system or data for their next move. In cyber security, threat intelligence helps a lot in finding possible threats. For ordinary users it is hard to tell in daily life which links or files are unsafe. Most cases involve phishing. Criminals lure people with the promise of tremendous gifts or rewards and persuade them to carry out tasks such as downloading files or applications and handing over data such as account numbers, email credentials, net banking credentials, OTPs and other information. Users should know how to detect such attempts, and there are tools for this. In this blog, I am writing about some tools that users can use to search for threats.



There are many tools available on the internet, but here I cover the widely used threat intelligence tools.

Threat Intelligence Tools

  • VIRUSTOTAL

  • urlscan.io

  • PhishTool

  • URLhaus


VIRUSTOTAL: 

VirusTotal is a simple, go-to web application for analysing suspicious files, IP addresses, URLs, domains and hash values. It is widely used in threat intelligence. When you visit the website you will see three sections: “FILE”, “URL” and “SEARCH”. You can simply drag and drop a file and it will show the results. VirusTotal uses a prebuilt database and security vendors’ analysis to check whether the sample file or URL is malicious.



If someone sends you a file and you are not sure whether it is malicious, upload it and let VirusTotal check it.

If someone sends you a suspicious URL, copy it carefully (don’t click on the URL), paste it into the “URL” section on the website and search.

If you come across a suspicious IP address, domain or hash, you can also look it up on VirusTotal.

VirusTotal website:

www.virustotal.com

URLSCAN.IO: 

urlscan.io is for scanning and analysing URLs. If you get a suspicious link, you can submit it on this website and it will give you information about that link. The website reports details about the domain such as IP details, links on the website, redirects, certificates and other useful information.




urlscan.io website:

https://urlscan.io/


PhishTool: 

PhishTool provides reverse engineering of phishing emails. It comes as two products: PhishTool Community and PhishTool Enterprise. PhishTool Community gives free support for analysing phishing emails. To use it, you have to create a user ID.




Click on “Get PhishTool now for free” or visit https://app.phishtool.com/sign-up/community

Now create an account and log in. To analyse an email you have to upload it, and it must be in .eml or .txt format. You can download your email by following this:

How to download email from Gmail?




URLhaus: 

URLhaus is used to search for malicious URLs. If you receive a suspicious link, you can search for it on URLhaus, which maintains a database built for detecting malicious links.



Click on the "URLhaus database" button. Now enter the suspicious URL and click on the "Search" button. You can also contribute to the URLhaus database by submitting URLs, but for this you have to log in to URLhaus with your Twitter account.




URLhaus website:

https://urlhaus.abuse.ch/
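
The tools above take a URL, a hash or an .eml file as input. As an added example (not part of the original post and not code from any of these tools), this Python script reads a downloaded .eml file without opening links or attachments and returns the values to search for: the URLs in the body, the SHA-256 hash of each attachment, and whether the Reply-To domain differs from the From domain. The function names and the sample message are constructed for illustration.

```python
import hashlib
import re
from email import message_from_bytes, policy
from email.utils import parseaddr

URL_RE = re.compile(r"https?://[^\s\"'<>]+", re.IGNORECASE)

# Constructed sample message (not a real email); all names are placeholders.
SAMPLE_EML = b"""\
From: "Bank Support" <support@bank.example>
Reply-To: claims@mailbox.example
Subject: Claim your reward
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/plain; charset="utf-8"

Confirm your account at http://login.bank-example.test/verify?id=1.
--b1
Content-Type: application/octet-stream
Content-Disposition: attachment; filename="form.bin"
Content-Transfer-Encoding: base64

aGVsbG8=
--b1--
"""

def defang(url):
    """Rewrite a URL so it cannot be clicked by accident in notes."""
    return re.sub(r"^http", "hxxp", url, flags=re.I).replace(".", "[.]")

def extract_indicators(raw_eml):
    """Return sender details, URLs and attachment hashes from a raw .eml."""
    msg = message_from_bytes(raw_eml, policy=policy.default)
    sender = parseaddr(msg.get("From", ""))[1].lower()
    reply_to = parseaddr(msg.get("Reply-To", ""))[1].lower()
    urls, attachments = set(), []
    for part in msg.walk():
        if part.is_multipart():
            continue
        name = part.get_filename()
        if name:  # hash the decoded bytes; the file is never opened or run
            data = part.get_payload(decode=True) or b""
            attachments.append((name, hashlib.sha256(data).hexdigest()))
        elif part.get_content_maintype() == "text":
            urls.update(u.rstrip(".,)") for u in URL_RE.findall(part.get_content()))
    mismatch = bool(reply_to) and reply_to.rpartition("@")[2] != sender.rpartition("@")[2]
    return {"from": sender, "reply_to": reply_to, "reply_to_mismatch": mismatch,
            "urls": sorted(urls), "attachments": attachments}
```

Call `extract_indicators(open("message.eml", "rb").read())` on a downloaded email; paste the original URL into the search boxes, and use `defang()` only when writing the URL into notes or messages.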



There are other open-source tools users can consider based on their needs. Keep yourself updated about the latest cybercrime and its modus operandi. Never trust the links or files sent by an unknown person or organisation. 


Kindly share your views.

Thanks for reading.