Analyze suspicious files locally in your browser.
ThreatRecon.io helps analysts perform static malware triage, IOC extraction, MITRE ATT&CK mapping, YARA-style rule drafting, Sigma-style detection drafting, and analyst reporting without sample uploads or account requirements.
- malware triage
- threat hunting
- IOC extraction
- YARA drafts
- Sigma drafts
Static Analysis
Review headers, strings, entropy, imports, sections, suspicious APIs, and local hashes without executing the artifact.
IOC Extraction
Extract domains, URLs, IPs, hashes, registry keys, file paths, mutexes, and other analyst indicators for validation.
Detection Drafting
Create YARA- and Sigma-style drafts from local findings, then review and tune them before production use.
Threat Hunting
Generate Splunk, Defender KQL, Elastic, blocklist, and EDR hunt outputs from the same browser-based analysis.
Static Malware Analysis
ThreatRecon.io is a browser-based static malware triage workbench built for safe first-pass analysis of suspicious scripts, logs, IOCs, command lines, and text artifacts. It helps analysts perform local file analysis, extract indicators, identify suspicious behaviors, map findings to MITRE ATT&CK, decode obfuscated content, generate draft YARA and Sigma rules, and prepare analyst reporting for review.
All analysis is performed locally in the browser. ThreatRecon does not upload samples, execute files, detonate malware, or submit artifacts to third-party services automatically. External sandbox and reputation links are manual analyst pivots only.
IOC Extraction and Threat Hunting
Extract indicators and generate safe threat hunting output for Splunk, Defender KQL, Elastic, DNS, firewall, and EDR workflows.
Reverse Engineering Support
Review strings, entropy, PE headers, imports, sections, suspicious APIs, deobfuscation output, and tool guidance for authorized analysis.
Privacy and Safety
Files stay in the browser. ThreatRecon does not require accounts, logins, sample uploads, or automatic artifact submission.
How It Works
- Drop a suspicious file locally
- Review headers, strings, entropy, imports, sections, and suspicious APIs
- Map evidence to MITRE ATT&CK behavior
- Export analyst notes, IOCs, YARA drafts, Sigma drafts, and reports
Known Limitations
ThreatRecon.io provides static analysis assistance and analyst training workflows. Static analysis can identify suspicious indicators, strings, file traits, and behavior patterns, but results should be reviewed by a human analyst and should not be treated as a complete malware verdict by themselves.