Merge pull request #70 from hslatman/hs_january

Add contributions of @sduff and fix issues
This commit is contained in:
Herman Slatman 2017-01-28 12:02:12 +01:00 committed by GitHub
commit cccbe9a5dd
2 changed files with 66 additions and 2 deletions

View File

@ -4,4 +4,4 @@ rvm:
before_script: before_script:
- gem install awesome_bot - gem install awesome_bot
script: script:
- awesome_bot README.md --white-list CONTRIBUTING.md,https://www.threatcrowd.org/,https://intel.deepviz.com/recap_network.php,https://www.fireeye.com/services/freeware/ioc-editor.html,https://www.threatconnect.com/wp-content/uploads/ThreatConnect-The-Diamond-Model-of-Intrusion-Analysis.pdf,http://www.dtic.mil/dtic/tr/fulltext/u2/a547092.pdf,http://www.dtic.mil/doctrine/new_pubs/jp2_0.pdf,http://www.amazon.com/Structured-Analytic-Techniques-Intelligence-Analysis/dp/1452241511,https://sslbl.abuse.ch/,https://soltra.com/,https://cryptome.org/2015/09/cti-guide.pdf,https://intel.criticalstack.com/,https://car.mitre.org/wiki/Main_Page,http://dx.doi.org/10.6028/NIST.SP.800-150,https://bitbucket.org/camp0/aiengine,https://www.abuse.ch/,https://www.recordedfuture.com/,https://isc.sans.edu/suspicious_domains.html - awesome_bot README.md --white-list CONTRIBUTING.md,https://www.threatcrowd.org/,https://intel.deepviz.com/recap_network.php,https://www.fireeye.com/services/freeware/ioc-editor.html,https://www.threatconnect.com/wp-content/uploads/ThreatConnect-The-Diamond-Model-of-Intrusion-Analysis.pdf,http://www.dtic.mil/dtic/tr/fulltext/u2/a547092.pdf,http://www.dtic.mil/doctrine/new_pubs/jp2_0.pdf,http://www.amazon.com/Structured-Analytic-Techniques-Intelligence-Analysis/dp/1452241511,https://sslbl.abuse.ch/,https://soltra.com/,https://cryptome.org/2015/09/cti-guide.pdf,https://intel.criticalstack.com/,https://car.mitre.org/wiki/Main_Page,http://dx.doi.org/10.6028/NIST.SP.800-150,https://bitbucket.org/camp0/aiengine,https://www.abuse.ch/,https://www.recordedfuture.com/,https://isc.sans.edu/suspicious_domains.html,http://danger.rulez.sk/projects/bruteforceblocker/blist.php

View File

@ -19,6 +19,14 @@ Some consider these sources as threat intelligence, opinions differ however.
A certain amount of (domain- or business-specific) analysis is necessary to create true threat intelligence. A certain amount of (domain- or business-specific) analysis is necessary to create true threat intelligence.
<table> <table>
<tr>
<td>
<a href="http://s3.amazonaws.com/alexa-static/top-1m.csv.zip" target="_blank">Alexa Top 1 Million sites</a>
</td>
<td>
Probable Whitelist of the top 1 Million sites from Amazon(Alexa).
</td>
</tr>
<tr> <tr>
<td> <td>
<a href="https://docs.google.com/spreadsheets/u/1/d/1H9_xaxQHpWaa4O_Son4Gx0YOIzlcBWMsdvePFX68EKU/pubhtml" target="_blank">APT Groups and Operations</a> <a href="https://docs.google.com/spreadsheets/u/1/d/1H9_xaxQHpWaa4O_Son4Gx0YOIzlcBWMsdvePFX68EKU/pubhtml" target="_blank">APT Groups and Operations</a>
@ -51,6 +59,38 @@ A certain amount of (domain- or business-specific) analysis is necessary to crea
Tracks several active botnets. Tracks several active botnets.
</td> </td>
</tr> </tr>
<tr>
<td>
<a href="http://danger.rulez.sk/projects/bruteforceblocker/" target="_blank">BruteForceBlocker</a>
</td>
<td>
BruteForceBlocker is a perl script that monitors a server's sshd logs and identifies brute force attacks, which it then uses to automatically configure firewall blocking rules and submit those IPs back to the project site, <a href="http://danger.rulez.sk/projects/bruteforceblocker/blist.php">http://danger.rulez.sk/projects/bruteforceblocker/blist.php</a>.
</td>
</tr>
<tr>
<td>
<a href="http://osint.bambenekconsulting.com/feeds/c2-ipmasterlist.txt" target="_blank">C&amp;C Tracker</a>
</td>
<td>
A feed of known, active and non-sinkholed C&amp;C IP addresses, from Bambenek Consulting.
</td>
</tr>
<tr>
<td>
<a href="http://cinsscore.com/list/ci-badguys.txt" target="_blank">CI Army List</a>
</td>
<td>
A subset of the commercial <a href="http://cinsscore.com/">CINS Score</a> list, focused on poorly rated IPs that are not currently present on other threatlists.
</td>
</tr>
<tr>
<td>
<a href="http://s3-us-west-1.amazonaws.com/umbrella-static/index.html" target="_blank">Cisco Umbrella</a>
</td>
<td>
Probable Whitelist of the top 1 million sites resolved by Cisco Umbrella (was OpenDNS).
</td>
</tr>
<tr> <tr>
<td> <td>
<a href="https://intel.criticalstack.com/" target="_blank">Critical Stack Intel</a> <a href="https://intel.criticalstack.com/" target="_blank">Critical Stack Intel</a>
@ -171,6 +211,14 @@ A certain amount of (domain- or business-specific) analysis is necessary to crea
The DNS-BH project creates and maintains a listing of domains that are known to be used to propagate malware and spyware. These can be used for detection as well as prevention (sinkholing DNS requests). The DNS-BH project creates and maintains a listing of domains that are known to be used to propagate malware and spyware. These can be used for detection as well as prevention (sinkholing DNS requests).
</td> </td>
</tr> </tr>
<tr>
<td>
<a href="http://www.openbl.org/lists.html" target="_blank">OpenBL.org</a>
</td>
<td>
A feed of IP addresses found to be attempting brute-force logins on services such as SSH, FTP, IMAP and phpMyAdmin and other web applications.
</td>
</tr>
<tr> <tr>
<td> <td>
<a href="https://openphish.com/phishing_feeds.html" target="_blank">OpenPhish Feeds</a> <a href="https://openphish.com/phishing_feeds.html" target="_blank">OpenPhish Feeds</a>
@ -213,6 +261,14 @@ A certain amount of (domain- or business-specific) analysis is necessary to crea
A database of signatures used in other tools by Neo23x0. A database of signatures used in other tools by Neo23x0.
</td> </td>
</tr> </tr>
<tr>
<td>
<a href="https://www.spamhaus.org/" target="_blank">The Spamhaus project</a>
</td>
<td>
The Spamhaus Project contains multiple threatlists associated with spam and malware activity.
</td>
</tr>
<tr> <tr>
<td> <td>
<a href="https://sslbl.abuse.ch/" target="_blank">SSL Blacklist</a> <a href="https://sslbl.abuse.ch/" target="_blank">SSL Blacklist</a>
@ -221,6 +277,14 @@ A certain amount of (domain- or business-specific) analysis is necessary to crea
SSL Blacklist (SSLBL) is a project maintained by abuse.ch. The goal is to provide a list of "bad" SSL certificates identified by abuse.ch to be associated with malware or botnet activities. SSLBL relies on SHA1 fingerprints of malicious SSL certificates and offers various blacklists SSL Blacklist (SSLBL) is a project maintained by abuse.ch. The goal is to provide a list of "bad" SSL certificates identified by abuse.ch to be associated with malware or botnet activities. SSLBL relies on SHA1 fingerprints of malicious SSL certificates and offers various blacklists
</td> </td>
</tr> </tr>
<tr>
<td>
<a href="https://statvoo.com/dl/top-1million-sites.csv.zip" target="_blank">Statvoo Top 1 Million Sites</a>
</td>
<td>
Probable Whitelist of the top 1 million web sites, as ranked by Statvoo.
</td>
</tr>
<tr> <tr>
<td> <td>
<a href="https://strongarm.io" target="_blank">Strongarm, by Percipient Networks</a> <a href="https://strongarm.io" target="_blank">Strongarm, by Percipient Networks</a>