Welcome to "EasyThreatFile"

This tool is designed to help SOC analysts and incident responders gather data around a target file or file hash. Often we do not have automated systems enriching the files detected in alerts or found during investigations. This tool lets you parse through multiple resources quickly and gather the data you need. For more details on these tools and others, check out the following pages of my Gitbook:

S0cm0nkey's Security Reference Guide: Threat Data
S0cm0nkey's Security Reference Guide: Sandboxing
S0cm0nkey's Security Reference Guide: File Analysis

**Note: You must allow popups from this page for this tool to work correctly**

Button colour legend: Blue = a single tool; Green = launches multiple tools at once; Red = requires manual input; Yellow = manual input of multiple objects.


File Data Tools: These are cyber search tools that accept different types of objects and return various points of enriched data for them. For these you can search either a file name or a file hash.




File Hash Tools: These are cyber search tools that accept various file hashes and return reputation and context data. Note: certain tools only accept certain hash types (for example MD5, SHA-1 or SHA-256), so check which type a tool expects before searching.
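Because the File Data tools accept either a name or a hash, and the File Hash tools each accept only particular hash types, an analyst usually needs to know what kind of indicator they are holding before pasting it into a tool. The following script is an added example and is not part of EasyThreatFile or its author's code: it computes MD5, SHA-1 and SHA-256 for a local file in one streaming pass, classifies a pasted indicator by its hex length, and selects which lookups to launch from a small capability table. The tool names in `TOOL_ACCEPTS` are hypothetical placeholders, not a description of any real service's behaviour.

```python
import hashlib
import re
from pathlib import Path

# Hex-digest length -> algorithm for the three hash types lookup services
# most commonly accept. Caveat: other 32-hex-character values (e.g. an imphash)
# would also classify as "md5" here, so treat that label as a best-effort guess.
HASH_TYPES = {32: "md5", 40: "sha1", 64: "sha256"}

# Hypothetical capability table (constructed for this example): which
# indicator kinds each lookup accepts. Replace with the real tools you use.
TOOL_ACCEPTS = {
    "hash_lookup_a": {"md5", "sha1", "sha256"},
    "hash_lookup_b": {"sha256"},
    "file_data_search": {"filename", "md5", "sha1", "sha256"},
    "binary_identification": {"filename"},
}


def classify_indicator(value: str) -> str:
    """Return 'md5', 'sha1', 'sha256' or 'filename' for a raw analyst input."""
    v = value.strip()
    if re.fullmatch(r"[0-9a-fA-F]+", v) and len(v) in HASH_TYPES:
        return HASH_TYPES[len(v)]
    # Anything else (svchost.exe, invoice.pdf, a path fragment) is a file name.
    return "filename"


def normalize_hash(value: str) -> str:
    """Lower-case a hash so case differences never cause a failed lookup."""
    return value.strip().lower()


def hash_bytes(data: bytes) -> dict:
    """Compute all three digests of an in-memory blob."""
    return {
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
    }


def hash_file(path) -> dict:
    """Compute md5/sha1/sha256 in a single streaming pass (large files are fine)."""
    digests = {name: hashlib.new(name) for name in ("md5", "sha1", "sha256")}
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 20), b""):
            for d in digests.values():
                d.update(chunk)
    return {name: d.hexdigest() for name, d in digests.items()}


def usable_tools(indicator: str) -> list:
    """List the lookups (from TOOL_ACCEPTS) that accept this indicator's type."""
    kind = classify_indicator(indicator)
    return sorted(name for name, kinds in TOOL_ACCEPTS.items() if kind in kinds)


if __name__ == "__main__":
    import sys
    # Usage: python easythreatfile_example.py <file-or-indicator>
    arg = sys.argv[1] if len(sys.argv) > 1 else "svchost.exe"
    if Path(arg).is_file():
        hashes = hash_file(arg)
        for algo, value in hashes.items():
            print(f"{algo}: {value} -> tools: {usable_tools(value)}")
    else:
        print(f"{arg}: {classify_indicator(arg)} -> tools: {usable_tools(arg)}")
```

Run it with a path to hash a file and see which lookups each digest fits, or with a bare hash or file name to classify what you already have. Hashing all three algorithms up front means you are never blocked by a tool that only takes SHA-256 when the alert gave you an MD5.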




File Identification: These are tools that take a file name and search a detailed repository of identified binaries. A successful search returns data points such as known-good hashes and expected file paths, which you can compare against the file you are investigating.




Sandbox Reports: Sandbox utilities allow dynamic and static analysis of various files in a safe environment. We can also review public sandbox reports for any previous analysis performed on our target file. Start by looking for public reports on your target file name or hash. If it has not been seen previously, you can submit the file for analysis and receive a detailed report.

**Note: Do not submit any file to a public sandbox if it might contain Personally Identifiable Information (PII). Use local sandbox tools to prevent possible data disclosure.**




Threat Intelligence Platforms: These are platforms holding extensive intelligence on a wide range of indicators. Some offer a portal that gives free access to a subset of that intelligence.