PassiveTotal partners with a number of commercial and open-source repositories of malware data in order to pair it with queried infrastructure to populate the Hash data set. This data helps analysts understand actor capabilities, intent, and motives of an attacker while also aiding in connecting infrastructure together. Each result contains a unique hash which, when clicked on, will redirect you to a report on the entity provided by the third party.
A quick overview can be found on our RiskIQ youtube.
PassiveTotal currently supports limited integration with the following Malware sources:
- Emerging Threats (Paywall)
- VirusTotal (Limited support without API key; public rate limits may apply)
- Hybrid Analysis (API key required; public rate limits apply)