Overall strategy:
- Diversify your analysis approach.
- Don't rely on the results from a single tool.
- Run everything with as few privileges as necessary.
- APT investigations must be separated from commodity malware investigations, otherwise you give malware authors "ideas".
- Treat everything as potentially malicious until you have enough evidence to suggest otherwise.
Tools:
- Any-Run - Run files in a sandbox.
- ThreatMiner - Lets analysts find additional information on indicators of compromise (IOCs) such as domain names, IPs and more.
- ThreatCrowd - Search engine for threats; shows correlations between submitted entries, e.g. IPs, hashes, domains etc.
- URLScan - Check the website.
- Sooty - SOC analyst tool.
- CheckIP - Free resource for checking the reputation of IPs/CIDRs and domains.
- Hybrid-Analysis - Alternative sandbox; the free version is normally good enough.