Browser-based analysis · static analysis · SOC analyst training

Analyze suspicious files locally in your browser.

ThreatRecon.io helps analysts perform static malware triage, IOC extraction, MITRE ATT&CK mapping, YARA-style rule drafting, Sigma-style detection drafting, and analyst reporting, with no sample uploads and no account required.

  • malware triage
  • threat hunting
  • IOC extraction
  • YARA drafts
  • Sigma drafts

ThreatRecon.io was built by Andre Boone.

Static Analysis

Review headers, strings, entropy, imports, sections, suspicious APIs, and local hashes without executing the artifact.

IOC Extraction

Extract domains, URLs, IPs, hashes, registry keys, file paths, mutexes, and other analyst indicators for validation.

Detection Drafting

Create YARA- and Sigma-style drafts from local findings, then review and tune them before production use.

Threat Hunting

Generate Splunk, Defender KQL, Elastic, blocklist, and EDR hunt outputs from the same browser-based analysis.

Public Sections

Explore ThreatRecon.io

Analyzer

Open the ThreatRecon.io browser-based malware triage analyzer for local file analysis, IOC extraction, YARA drafts, Sigma drafts, and analyst reporting.

Threat KB

ThreatRecon.io threat knowledge base for defensive malware triage notes, MITRE ATT&CK behavior summaries, and detection opportunities.

RE Tools

Free reverse engineering tool references for static analysis, strings review, PE triage, debugging preparation, and defensive malware analysis workflows.

Cheat Sheet

ThreatRecon.io analyst cheat sheet for malware triage commands, IOC review, detection engineering, and reverse engineering preparation.

Sandboxes

Dynamic analysis and sandbox handoff guidance for validating local static malware triage results in authorized defensive workflows.

About

About ThreatRecon.io, a browser-based static malware triage and detection engineering workbench for authorized defensive analysis.

Security

ThreatRecon.io security model, local file analysis design, no account requirement, responsible use, and known limitations.

ThreatRecon.io

Static Malware Analysis

ThreatRecon.io is a browser-based static malware triage workbench built for safe first-pass analysis of suspicious scripts, logs, IOCs, command lines, and text artifacts. It helps analysts perform local file analysis, extract indicators, identify suspicious behaviors, map findings to MITRE ATT&CK, decode obfuscated content, generate draft YARA and Sigma rules, and prepare analyst reporting for review.

All analysis is performed locally in the browser. ThreatRecon does not upload samples, execute files, detonate malware, or automatically submit artifacts to third-party services. External sandbox and reputation links are manual analyst pivots only.

IOC Extraction and Threat Hunting

Extract indicators and generate safe threat hunting output for Splunk, Defender KQL, Elastic, DNS, firewall, and EDR workflows.

Reverse Engineering Support

Review strings, entropy, PE headers, imports, sections, suspicious APIs, deobfuscation output, and tool guidance for authorized analysis.

Privacy and Safety

Files stay in the browser. ThreatRecon does not require accounts, logins, sample uploads, or automatic artifact submission.

Workflow

How It Works

01. Drop a suspicious file locally

02. Review headers, strings, entropy, imports, sections, and suspicious APIs

03. Map evidence to MITRE ATT&CK behavior

04. Export analyst notes, IOCs, YARA drafts, Sigma drafts, and reports

Privacy and Safety

Browser-based static analysis

Files are processed locally in your browser and are not uploaded to ThreatRecon.io.

ThreatRecon.io is designed for browser-based static analysis. The platform does not require an account or a login, and it does not collect submitted samples.

Responsible Use

Defensive use disclaimer

ThreatRecon.io is built for defensive security education, malware triage practice, and analyst workflow training. Users are responsible for using the platform legally and ethically.

Walkthrough

Static Malware Triage Walkthrough

The safe sample invoice_update.exe demonstrates how an analyst reviews strings, suspicious APIs, IOCs, entropy, MITRE ATT&CK behavior, and final reporting. It uses placeholder training content only, with no live infrastructure or sensitive identifiers.

Output Preview

Visual proof placeholders

Analyzer Overview

Score, verdict, static metadata, and workflow summary.

IOC Extraction

Structured indicators with actionability and hunt context.

MITRE ATT&CK Mapping

Tactics, techniques, evidence, confidence, and detection ideas.

YARA Draft

Analyst-reviewed draft rule generated from static findings.

Sigma Draft

Experimental detection logic for command line and registry behavior.

Analyst Report Export

Markdown, JSON, IOC CSV, blocklist, YARA, and Sigma outputs.

Trust Boundary

Known Limitations

ThreatRecon.io provides static analysis assistance and analyst training workflows. Static analysis can identify suspicious indicators, strings, file traits, and behavior patterns, but results should be reviewed by a human analyst and should not be treated as a complete malware verdict by themselves.