Search

Malware Sample OSINT Tools

Submit a suspicious file and these OSINT tools detonate it in a sandbox, extract indicators, and match it against known families and campaigns. They are the backbone of CTI and incident-response workflows. Here are the 45 tools that take a malware sample as input.

45tools
Browse with filters
MITRE ATT&CK icon

MITRE ATT&CK

Adversary tactics and techniques knowledge base

FreeOSSWebAPI
IN
OUT
VirusTotal icon

VirusTotal

Analyze files, URLs, domains, and IPs

FreemiumWebAPI
IN+2
OUT+1
ANY.RUN icon

ANY.RUN

an interactive malware sandbox for analyzing suspicious files, URLs, and netw

FreemiumWeb
IN
OUT
APKLab icon

APKLab

VSCode extension for Android RE workflow

FreeOSSDesktop App
IN
OUT
Androbugs Framework icon

Androbugs Framework

Android vulnerability scanner

FreeOSSCLI
IN
OUT
Apktool icon

Apktool

Android APK reverse-engineering toolkit

FreeOSSCLI
IN
OUT
Autopsy icon

Autopsy

a digital forensics platform for investigating disk images, filesystems, and

FreeOSSCLI
IN
OUT
CAPEv2 icon

CAPEv2

CAPE malware sandbox (Cuckoo fork)

FreeOSSCLIWeb
IN
OUT
Cuckoo Sandbox icon

Cuckoo Sandbox

Open-source automated malware sandbox

FreeOSSCLIWeb
IN
OUT
Cutter icon

Cutter

Open-source GUI reverse-engineering tool

FreeOSSDesktop App
IN
OUT
DRAKVUF Sandbox icon

DRAKVUF Sandbox

Agentless Xen-based malware sandbox

FreeOSSCLIWeb
IN
OUT
Detect It Easy icon

Detect It Easy

Packer and signature detector for binaries

FreeOSSDesktop AppCLI
IN
OUT
Drozer icon

Drozer

Android security assessment framework

FreeOSSCLI
IN
OUT
Exodus Privacy icon

Exodus Privacy

Android APK tracker and permission scanner

FreeOSSWebAPI
IN
OUT
FAME icon

FAME

Malware-analysis orchestration framework

FreeOSSWebAPI
IN
OUT
FLOSS icon

FLOSS

a FLARE tool for extracting obfuscated strings from malware and suspicious bi

FreeOSSCLI
IN
OUT
FileScan.io icon

FileScan.io

OPSWAT free public file and URL sandbox

FreemiumWebAPI
IN
OUT
Frida icon

Frida

Cross-platform dynamic instrumentation toolkit

FreeOSSCLI
IN
OUT
Ghidra icon

Ghidra

NSA open-source reverse-engineering suite

FreeOSSDesktop App
IN
OUT
Hatching Triage icon

Hatching Triage

a malware sandbox for analyzing files, URLs, configurations, and behavioral i

FreemiumWeb
IN
OUT
Hybrid Analysis icon

Hybrid Analysis

a malware analysis platform that runs files and URLs in sandbox environments

FreemiumWeb
IN
OUT
Imunify360 Sandbox icon

Imunify360 Sandbox

Palo Alto WildFire malware analysis portal

PaidWebAPI
IN
OUT
Intezer Analyze icon

Intezer Analyze

a malware analysis platform that classifies files, code reuse, and threat rel

FreemiumWeb
IN
OUT
Joe Sandbox icon

Joe Sandbox

a malware analysis sandbox for dynamic and static investigation of files, URL

FreemiumWeb
IN
OUT
Jotti's malware scan icon

Jotti's malware scan

Scans an uploaded file with multiple antivirus engines

FreeWeb
IN
OUT
Koodous icon

Koodous

Android malware intelligence platform

FreemiumWebAPI
IN
OUT
Malpedia icon

Malpedia

Malware-family encyclopedia with YARA rules and actor links

FreeWebAPI
IN
OUT
MalwareBazaar icon

MalwareBazaar

an abuse.ch malware sample exchange for searching hashes, tags, families, and

FreeWeb
IN
OUT
MobSF icon

MobSF

Open-source mobile app security framework

FreeOSSCLIWeb
IN
OUT
Mobile Verification Toolkit icon

Mobile Verification Toolkit

a mobile forensics toolkit for checking Android and iOS devices for compromis

FreeOSSCLI
IN
OUT
OWASP Mobile Security Testing Guide icon

OWASP Mobile Security Testing Guide

OWASP mobile app security testing guide

FreeOSSWeb
IN
OUT
Objection icon

Objection

Frida-based mobile exploration toolkit

FreeOSSCLI
IN
OUT
Polyswarm icon

Polyswarm

Decentralized multi-engine TI marketplace

FreemiumOSSWebAPI
IN
OUT
Quark Engine icon

Quark Engine

Android malware threat scoring engine

FreeOSSCLI
IN
OUT
Rizin icon

Rizin

Maintained fork of radare2

FreeOSSCLI
IN
OUT
URLhaus icon

URLhaus

an abuse.ch project tracking malware URLs, payload delivery sites, and relate

FreeWeb
IN
OUT
UnpacMe icon

UnpacMe

Automatically unpack malware samples and extract payloads

FreemiumWebAPI
IN
OUT
VMRay icon

VMRay

Hypervisor-based malware sandbox producing IOC reports

PaidWebAPI
IN
OUT
Volatility 3 icon

Volatility 3

a memory forensics framework for analyzing volatile memory images and artifac

FreeOSSCLI
IN
OUT
YARA icon

YARA

a pattern matching engine for identifying malware families and binary artifac

FreeOSSCLI
IN
OUT
YARAify icon

YARAify

Community YARA hunting service

FreeWebAPI
IN
OUT
capa icon

capa

a FLARE tool that detects capabilities in executables using static analysis r

FreeOSSCLI
IN
OUT
jadx icon

jadx

Java and Android APK decompiler

FreeOSSDesktop AppCLI
IN
OUT
pestudio icon

pestudio

Windows PE static-analysis triage tool

FreemiumDesktop App
IN
OUT
radare2 icon

radare2

Open-source reverse-engineering framework

FreeOSSCLIDesktop App
IN
OUT

Find specific data from malware sample

Report / Summary35IOC (Indicator of Compromise)31

Investigate by other data types

Email AddressPhone NumberUsernameReal NameIP AddressDomain NameCryptocurrency WalletImage / PhotoURLHash (MD5/SHA)Company Name