ThreatSniper (Formerly - ThreatInvestigator)

Discussion in 'other anti-malware software' started by svenfaw, Mar 10, 2021.

  1. svenfaw

    svenfaw Registered Member

    Joined:
    May 7, 2012
    Posts:
    291
    This will be the main thread for ThreatInvestigator, which is an upcoming security tool intended for malware analysts and quick incident response.

    appcap1615397372.png


    It provides a unified view of the following information in one single tool,
    speeding up identification of threats and remediation of potential incidents:

    Outbound connections per process
    Cloud-based reputation checks
    Advanced IP address to hostname matching
    Integrated VirusTotal process lookups
    Integrated VirusTotal IP address lookups
    VirusTotal lookups in airgapped machines (!)
    Instant toggling up/down status of all network interfaces
    (Additional modules are in the pipeline)

    A couple of free licenses will soon be available for early Wilders users.
     
    Last edited: Mar 12, 2021
  2. XIII

    XIII Registered Member

    Joined:
    Jan 12, 2009
    Posts:
    1,059
    Looks interesting!

    How do we apply for that?
     
  3. co22

    co22 Registered Member

    Joined:
    Nov 22, 2011
    Posts:
    398
    Location:
    router
    cool thanks
     
  4. ichito

    ichito Registered Member

    Joined:
    Jan 14, 2011
    Posts:
    1,964
    Location:
    Poland - Cracow
    Is it not similar to CrowdInspect?
     
  5. jmonge

    jmonge Registered Member

    Joined:
    Mar 20, 2008
    Posts:
    13,742
    Location:
    Canada
    Count me in please
     
  6. EASTER

    EASTER Registered Member

    Joined:
    Jul 28, 2007
    Posts:
    9,620
    Location:
    U.S.A. (South)
    Interesting project. Thanks for the heads up
     
  7. Buddel

    Buddel Registered Member

    Joined:
    Apr 28, 2015
    Posts:
    1,572
    This does look interesting. I think it's a good addition to any existing security setup.
     
  8. Rico

    Rico Registered Member

    Joined:
    Aug 19, 2004
    Posts:
    2,080
    Location:
    Canada
    @svenfaw - Nice! Very useful

    Thanks for Posting!
     
  9. svenfaw

    svenfaw Registered Member

    Joined:
    May 7, 2012
    Posts:
    291
    Thanks. I will post more details about this in the next few days.
     
  10. svenfaw

    svenfaw Registered Member

    Joined:
    May 7, 2012
    Posts:
    291
    Interesting - I was not aware of that tool, thanks for bringing it to my attention. Although both applications do seem to be in the same category, some features of ThreatInvestigator have a more targeted and forensic approach, with a specific focus on helping analysts (and advanced users) quickly evaluate and respond to potential threats.
     
  11. svenfaw

    svenfaw Registered Member

    Joined:
    May 7, 2012
    Posts:
    291
    First public version coming soon!
    One more screenshot:

    appcap1615847502.png


    5 free one-year licenses will be offered to early Wilders users. To qualify, just send me a PM, briefly explaining in what context you will use the application, and why you believe you may find it interesting.
     
  12. ichito

    ichito Registered Member

    Joined:
    Jan 14, 2011
    Posts:
    1,964
    Location:
    Poland - Cracow
    Thanks for the reply :) Both apps can be very useful in the right hands.
     
  13. EASTER

    EASTER Registered Member

    Joined:
    Jul 28, 2007
    Posts:
    9,620
    Location:
    U.S.A. (South)
    How about a trial version? Not encouraging mass distribution but... why not.
     
  14. svenfaw

    svenfaw Registered Member

    Joined:
    May 7, 2012
    Posts:
    291
    Release candidate 1 is available at https://www.metasudo.com/.

    Note that the build is time-limited but another build will be available in the next few days.

    Thanks for trying it. Bug reports, general feedback and feature suggestions are more than welcome.

    Note: The first general release version is scheduled to ship about a month from now (and the free one-year licenses will then be provided to the users who have requested them).
     
  15. jmonge

    jmonge Registered Member

    Joined:
    Mar 20, 2008
    Posts:
    13,742
    Location:
    Canada
    Thank you
     
  16. EASTER

    EASTER Registered Member

    Joined:
    Jul 28, 2007
    Posts:
    9,620
    Location:
    U.S.A. (South)
    Think this is going to be very useful. Appreciate the efforts.
     
  17. Tarnak

    Tarnak Registered Member

    Joined:
    Feb 5, 2007
    Posts:
    4,960
    Just ran it a short time ago. Looks like I have no threats on my system.
     

  18. Tarnak

    Tarnak Registered Member

    Joined:
    Feb 5, 2007
    Posts:
    4,960
    Seems to connect to: ghs-vip-any-c46.ghs-ssl.googlehosted.com

    ThreatInvestigator_02.JPG
     
  19. svenfaw

    svenfaw Registered Member

    Joined:
    May 7, 2012
    Posts:
    291
    That's VirusTotal:

    forwilders.png
     
  20. svenfaw

    svenfaw Registered Member

    Joined:
    May 7, 2012
    Posts:
    291
    Could you confirm if the screenshot was taken after pressing the Scan button?
     
  21. Tarnak

    Tarnak Registered Member

    Joined:
    Feb 5, 2007
    Posts:
    4,960
  22. Tarnak

    Tarnak Registered Member

    Joined:
    Feb 5, 2007
    Posts:
    4,960
    Must have been before, but here is one taken "after pressing the Scan button".

    ThreatInvestigator_03.JPG
     
  23. XIII

    XIII Registered Member

    Joined:
    Jan 12, 2009
    Posts:
    1,059
    Nice! (No issues here; everything whitelisted or 0/73, 0/74, 0/75 on VirusTotal)

    Will the name be ThreatInvestigator or ThreatSniper?
     
  24. svenfaw

    svenfaw Registered Member

    Joined:
    May 7, 2012
    Posts:
    291
    ThreatSniper - ThreatInvestigator was a little too long for my liking.


    I am considering adding support for an "imphash" column. And many other features are in the pipeline!
     
  25. EASTER

    EASTER Registered Member

    Joined:
    Jul 28, 2007
    Posts:
    9,620
    Location:
    U.S.A. (South)
    Good to learn of. Wish you success and satisfaction. Again I say, really useful and interesting stats.
     