Merge pull request #70 from hslatman/hs_january

Add contributions of @sduff and fix issues
This commit is contained in:
Herman Slatman 2017-01-28 12:02:12 +01:00 committed by GitHub
commit cccbe9a5dd
2 changed files with 66 additions and 2 deletions

View File

@ -4,4 +4,4 @@ rvm:
before_script:
- gem install awesome_bot
script:
- awesome_bot README.md --white-list CONTRIBUTING.md,https://www.threatcrowd.org/,https://intel.deepviz.com/recap_network.php,https://www.fireeye.com/services/freeware/ioc-editor.html,https://www.threatconnect.com/wp-content/uploads/ThreatConnect-The-Diamond-Model-of-Intrusion-Analysis.pdf,http://www.dtic.mil/dtic/tr/fulltext/u2/a547092.pdf,http://www.dtic.mil/doctrine/new_pubs/jp2_0.pdf,http://www.amazon.com/Structured-Analytic-Techniques-Intelligence-Analysis/dp/1452241511,https://sslbl.abuse.ch/,https://soltra.com/,https://cryptome.org/2015/09/cti-guide.pdf,https://intel.criticalstack.com/,https://car.mitre.org/wiki/Main_Page,http://dx.doi.org/10.6028/NIST.SP.800-150,https://bitbucket.org/camp0/aiengine,https://www.abuse.ch/,https://www.recordedfuture.com/,https://isc.sans.edu/suspicious_domains.html
- awesome_bot README.md --white-list CONTRIBUTING.md,https://www.threatcrowd.org/,https://intel.deepviz.com/recap_network.php,https://www.fireeye.com/services/freeware/ioc-editor.html,https://www.threatconnect.com/wp-content/uploads/ThreatConnect-The-Diamond-Model-of-Intrusion-Analysis.pdf,http://www.dtic.mil/dtic/tr/fulltext/u2/a547092.pdf,http://www.dtic.mil/doctrine/new_pubs/jp2_0.pdf,http://www.amazon.com/Structured-Analytic-Techniques-Intelligence-Analysis/dp/1452241511,https://sslbl.abuse.ch/,https://soltra.com/,https://cryptome.org/2015/09/cti-guide.pdf,https://intel.criticalstack.com/,https://car.mitre.org/wiki/Main_Page,http://dx.doi.org/10.6028/NIST.SP.800-150,https://bitbucket.org/camp0/aiengine,https://www.abuse.ch/,https://www.recordedfuture.com/,https://isc.sans.edu/suspicious_domains.html,http://danger.rulez.sk/projects/bruteforceblocker/blist.php

View File

@ -19,6 +19,14 @@ Some consider these sources as threat intelligence, opinions differ however.
A certain amount of (domain- or business-specific) analysis is necessary to create true threat intelligence.
<table>
<tr>
<td>
<a href="http://s3.amazonaws.com/alexa-static/top-1m.csv.zip" target="_blank">Alexa Top 1 Million sites</a>
</td>
<td>
Probable Whitelist of the top 1 Million sites from Amazon(Alexa).
</td>
</tr>
<tr>
<td>
<a href="https://docs.google.com/spreadsheets/u/1/d/1H9_xaxQHpWaa4O_Son4Gx0YOIzlcBWMsdvePFX68EKU/pubhtml" target="_blank">APT Groups and Operations</a>
@ -51,6 +59,38 @@ A certain amount of (domain- or business-specific) analysis is necessary to crea
Tracks several active botnets.
</td>
</tr>
<tr>
<td>
<a href="http://danger.rulez.sk/projects/bruteforceblocker/" target="_blank">BruteForceBlocker</a>
</td>
<td>
BruteForceBlocker is a perl script that monitors a server's sshd logs and identifies brute force attacks, which it then uses to automatically configure firewall blocking rules and submit those IPs back to the project site, <a href="http://danger.rulez.sk/projects/bruteforceblocker/blist.php">http://danger.rulez.sk/projects/bruteforceblocker/blist.php</a>.
</td>
</tr>
<tr>
<td>
<a href="http://osint.bambenekconsulting.com/feeds/c2-ipmasterlist.txt" target="_blank">C&amp;C Tracker</a>
</td>
<td>
A feed of known, active and non-sinkholed C&amp;C IP addresses, from Bambenek Consulting.
</td>
</tr>
<tr>
<td>
<a href="http://cinsscore.com/list/ci-badguys.txt" target="_blank">CI Army List</a>
</td>
<td>
A subset of the commercial <a href="http://cinsscore.com/">CINS Score</a> list, focused on poorly rated IPs that are not currently present on other threatlists.
</td>
</tr>
<tr>
<td>
<a href="http://s3-us-west-1.amazonaws.com/umbrella-static/index.html" target="_blank">Cisco Umbrella</a>
</td>
<td>
Probable Whitelist of the top 1 million sites resolved by Cisco Umbrella (was OpenDNS).
</td>
</tr>
<tr>
<td>
<a href="https://intel.criticalstack.com/" target="_blank">Critical Stack Intel</a>
@ -59,7 +99,7 @@ A certain amount of (domain- or business-specific) analysis is necessary to crea
The free threat intelligence parsed and aggregated by Critical Stack is ready for use in any Bro production system. You can specify which feeds you trust and want to ingest.
</td>
</tr>
<tr>
<tr>
<td>
<a href="https://www.c1fapp.com/" target="_blank">C1fApp</a>
</td>
@ -171,6 +211,14 @@ A certain amount of (domain- or business-specific) analysis is necessary to crea
The DNS-BH project creates and maintains a listing of domains that are known to be used to propagate malware and spyware. These can be used for detection as well as prevention (sinkholing DNS requests).
</td>
</tr>
<tr>
<td>
<a href="http://www.openbl.org/lists.html" target="_blank">OpenBL.org</a>
</td>
<td>
A feed of IP addresses found to be attempting brute-force logins on services such as SSH, FTP, IMAP and phpMyAdmin and other web applications.
</td>
</tr>
<tr>
<td>
<a href="https://openphish.com/phishing_feeds.html" target="_blank">OpenPhish Feeds</a>
@ -213,6 +261,14 @@ A certain amount of (domain- or business-specific) analysis is necessary to crea
A database of signatures used in other tools by Neo23x0.
</td>
</tr>
<tr>
<td>
<a href="https://www.spamhaus.org/" target="_blank">The Spamhaus project</a>
</td>
<td>
The Spamhaus Project contains multiple threatlists associated with spam and malware activity.
</td>
</tr>
<tr>
<td>
<a href="https://sslbl.abuse.ch/" target="_blank">SSL Blacklist</a>
@ -221,6 +277,14 @@ A certain amount of (domain- or business-specific) analysis is necessary to crea
SSL Blacklist (SSLBL) is a project maintained by abuse.ch. The goal is to provide a list of "bad" SSL certificates identified by abuse.ch to be associated with malware or botnet activities. SSLBL relies on SHA1 fingerprints of malicious SSL certificates and offers various blacklists
</td>
</tr>
<tr>
<td>
<a href="https://statvoo.com/dl/top-1million-sites.csv.zip" target="_blank">Statvoo Top 1 Million Sites</a>
</td>
<td>
Probable Whitelist of the top 1 million web sites, as ranked by Statvoo.
</td>
</tr>
<tr>
<td>
<a href="https://strongarm.io" target="_blank">Strongarm, by Percipient Networks</a>