diff --git a/Tools.md b/Tools.md index f7ddc98..b27f8c7 100644 --- a/Tools.md +++ b/Tools.md @@ -955,6 +955,27 @@ Downloads albums in bulk. **[`^ back to top ^`](#)** +## VirusTotal alternatives + +Overall strategy: +* Diversify your analysis approach. +* Don't rely on the results from a single tool. +* Run everything with as few privileges as necessary. +* APT investigations must be seperated from commodity malware, otherwise you give malware authors "ideas". +* Treat everything like it could be malicious until you have enough evidence to suggest otherwise. + + +- [Any-Run](https://anonym.to/?https://any.run/) - Run files in a sandbox. +- [Thread Minder](https://www.threatminer.com/) - Allow analysts to find additional information on indicators of compromise (IOC) such as domain names, IP's and more. +- [ThreatCrowd](https://www.threatcrowd.com/) - Search engine for threats, show correlations of submitted entries eg IP, hashes, domains etc +- [URLScan](https://anonym.to/?https://urlscan.io/) - Check the website. +- [Sooty](https://anonym.to/?https://github.com/TheresAFewConors/Sooty) - SOC Analyst Tool. +- [CheckIP](https://anonym.to/?https://threatstop.com/checkip) - Free resource for checking rep on IPs/CIDRs and domains. +- [Hybrid-Analysis](https://anonym.to/?https://www.hybrid-analysis.com/) - [alternative](https://anonym.to/?hhttps://app.sndbox.com/) - The free version is normally good enough. + + +**[`^ back to top ^`](#)** + ## WordPress login bruteforcer - [wpbrute-rs](https://anonym.to/?https://github.com/leo-lb/wpbrute-rs) - High performance WordPress login bruteforcer with automatic concurrency for maximum amount of tries per second.
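Review bot: The alternative link on the new Hybrid-Analysis entry has a doubled scheme letter, `https://anonym.to/?hhttps://app.sndbox.com/`, so the redirect target is not a valid URL; it should read `?https://app.sndbox.com/`. In the same list, the label "Thread Minder" does not match its target `threatminer.com` and should be "ThreatMiner", and "seperated" in the strategy bullets should be "separated". The ThreatMiner and ThreatCrowd entries link directly while the other five entries go through the `anonym.to/?` prefix; use one form throughout the section. The strategy bullets use `*` while the tool entries use `-`, and the ThreatCrowd description is missing its closing period and would read better as "e.g. IPs, hashes, domains". The URLScan description "Check the website." does not say what is checked; a few words on what the service reports would make the entry useful to someone choosing between these tools.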