mirror of
https://github.com/hslatman/awesome-threat-intelligence.git
synced 2024-12-25 05:45:28 +00:00
Merge pull request #70 from hslatman/hs_january
Add contributions of @sduff and fix issues
This commit is contained in:
commit
cccbe9a5dd
@ -4,4 +4,4 @@ rvm:
|
|||||||
before_script:
|
before_script:
|
||||||
- gem install awesome_bot
|
- gem install awesome_bot
|
||||||
script:
|
script:
|
||||||
- awesome_bot README.md --white-list CONTRIBUTING.md,https://www.threatcrowd.org/,https://intel.deepviz.com/recap_network.php,https://www.fireeye.com/services/freeware/ioc-editor.html,https://www.threatconnect.com/wp-content/uploads/ThreatConnect-The-Diamond-Model-of-Intrusion-Analysis.pdf,http://www.dtic.mil/dtic/tr/fulltext/u2/a547092.pdf,http://www.dtic.mil/doctrine/new_pubs/jp2_0.pdf,http://www.amazon.com/Structured-Analytic-Techniques-Intelligence-Analysis/dp/1452241511,https://sslbl.abuse.ch/,https://soltra.com/,https://cryptome.org/2015/09/cti-guide.pdf,https://intel.criticalstack.com/,https://car.mitre.org/wiki/Main_Page,http://dx.doi.org/10.6028/NIST.SP.800-150,https://bitbucket.org/camp0/aiengine,https://www.abuse.ch/,https://www.recordedfuture.com/,https://isc.sans.edu/suspicious_domains.html
|
- awesome_bot README.md --white-list CONTRIBUTING.md,https://www.threatcrowd.org/,https://intel.deepviz.com/recap_network.php,https://www.fireeye.com/services/freeware/ioc-editor.html,https://www.threatconnect.com/wp-content/uploads/ThreatConnect-The-Diamond-Model-of-Intrusion-Analysis.pdf,http://www.dtic.mil/dtic/tr/fulltext/u2/a547092.pdf,http://www.dtic.mil/doctrine/new_pubs/jp2_0.pdf,http://www.amazon.com/Structured-Analytic-Techniques-Intelligence-Analysis/dp/1452241511,https://sslbl.abuse.ch/,https://soltra.com/,https://cryptome.org/2015/09/cti-guide.pdf,https://intel.criticalstack.com/,https://car.mitre.org/wiki/Main_Page,http://dx.doi.org/10.6028/NIST.SP.800-150,https://bitbucket.org/camp0/aiengine,https://www.abuse.ch/,https://www.recordedfuture.com/,https://isc.sans.edu/suspicious_domains.html,http://danger.rulez.sk/projects/bruteforceblocker/blist.php
|
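Review bot: the `--white-list` argument of the `awesome_bot` command keeps growing into one very long line, and every URL on it is a link the checker will silently skip from now on; the entry added here, `http://danger.rulez.sk/projects/bruteforceblocker/blist.php`, is exactly the URL the README now points readers at, so exempting it means a dead or moved list page goes unnoticed. If the exemption is needed because the site rejects the bot, add a YAML comment above the command saying so per entry, so future contributors can tell a deliberate exemption from an accumulated one.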
66
README.md
@ -19,6 +19,14 @@ Some consider these sources as threat intelligence, opinions differ however.
|
|||||||
A certain amount of (domain- or business-specific) analysis is necessary to create true threat intelligence.
|
A certain amount of (domain- or business-specific) analysis is necessary to create true threat intelligence.
|
||||||
|
|
||||||
<table>
|
<table>
|
||||||
|
<tr>
|
||||||
|
<td>
|
||||||
|
<a href="http://s3.amazonaws.com/alexa-static/top-1m.csv.zip" target="_blank">Alexa Top 1 Million sites</a>
|
||||||
|
</td>
|
||||||
|
<td>
|
||||||
|
Probable Whitelist of the top 1 Million sites from Amazon(Alexa).
|
||||||
|
</td>
|
||||||
|
</tr>
|
||||||
<tr>
|
<tr>
|
||||||
<td>
|
<td>
|
||||||
<a href="https://docs.google.com/spreadsheets/u/1/d/1H9_xaxQHpWaa4O_Son4Gx0YOIzlcBWMsdvePFX68EKU/pubhtml" target="_blank">APT Groups and Operations</a>
|
<a href="https://docs.google.com/spreadsheets/u/1/d/1H9_xaxQHpWaa4O_Son4Gx0YOIzlcBWMsdvePFX68EKU/pubhtml" target="_blank">APT Groups and Operations</a>
|
||||||
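Review bot: the new Alexa entry's description, "Probable Whitelist of the top 1 Million sites from Amazon(Alexa).", presents a popularity ranking as a whitelist; heavily used hosting, CDN and file-sharing domains rank highly too, so the wording should make clear the list is for suppressing false positives when matching indicators, not for allow-listing in blocking decisions. Also add the missing space in "Amazon(Alexa)", and note the link is plain `http://` while the other anchors in this hunk use https; since the zip is meant to be fetched and parsed automatically, prefer an https URL if the source offers one.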
@ -51,6 +59,38 @@ A certain amount of (domain- or business-specific) analysis is necessary to crea
|
|||||||
Tracks several active botnets.
|
Tracks several active botnets.
|
||||||
</td>
|
</td>
|
||||||
</tr>
|
</tr>
|
||||||
|
<tr>
|
||||||
|
<td>
|
||||||
|
<a href="http://danger.rulez.sk/projects/bruteforceblocker/" target="_blank">BruteForceBlocker</a>
|
||||||
|
</td>
|
||||||
|
<td>
|
||||||
|
BruteForceBlocker is a perl script that monitors a server's sshd logs and identifies brute force attacks, which it then uses to automatically configure firewall blocking rules and submit those IPs back to the project site, <a href="http://danger.rulez.sk/projects/bruteforceblocker/blist.php">http://danger.rulez.sk/projects/bruteforceblocker/blist.php</a>.
|
||||||
|
</td>
|
||||||
|
</tr>
|
||||||
|
<tr>
|
||||||
|
<td>
|
||||||
|
<a href="http://osint.bambenekconsulting.com/feeds/c2-ipmasterlist.txt" target="_blank">C&C Tracker</a>
|
||||||
|
</td>
|
||||||
|
<td>
|
||||||
|
A feed of known, active and non-sinkholed C&C IP addresses, from Bambenek Consulting.
|
||||||
|
</td>
|
||||||
|
</tr>
|
||||||
|
<tr>
|
||||||
|
<td>
|
||||||
|
<a href="http://cinsscore.com/list/ci-badguys.txt" target="_blank">CI Army List</a>
|
||||||
|
</td>
|
||||||
|
<td>
|
||||||
|
A subset of the commercial <a href="http://cinsscore.com/">CINS Score</a> list, focused on poorly rated IPs that are not currently present on other threatlists.
|
||||||
|
</td>
|
||||||
|
</tr>
|
||||||
|
<tr>
|
||||||
|
<td>
|
||||||
|
<a href="http://s3-us-west-1.amazonaws.com/umbrella-static/index.html" target="_blank">Cisco Umbrella</a>
|
||||||
|
</td>
|
||||||
|
<td>
|
||||||
|
Probable Whitelist of the top 1 million sites resolved by Cisco Umbrella (was OpenDNS).
|
||||||
|
</td>
|
||||||
|
</tr>
|
||||||
<tr>
|
<tr>
|
||||||
<td>
|
<td>
|
||||||
<a href="https://intel.criticalstack.com/" target="_blank">Critical Stack Intel</a>
|
<a href="https://intel.criticalstack.com/" target="_blank">Critical Stack Intel</a>
|
||||||
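Review bot: the `C&C Tracker` anchor text and its description ("non-sinkholed C&C IP addresses") put a raw `&` inside HTML; write it as `&amp;` so the table stays valid markup. Two smaller points in the same hunk: the BruteForceBlocker description links `blist.php` inline without the `target="_blank"` every other anchor in the table carries, and "perl script" should read "Perl script".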
@ -59,7 +99,7 @@ A certain amount of (domain- or business-specific) analysis is necessary to crea
|
|||||||
The free threat intelligence parsed and aggregated by Critical Stack is ready for use in any Bro production system. You can specify which feeds you trust and want to ingest.
|
The free threat intelligence parsed and aggregated by Critical Stack is ready for use in any Bro production system. You can specify which feeds you trust and want to ingest.
|
||||||
</td>
|
</td>
|
||||||
</tr>
|
</tr>
|
||||||
<tr>
|
<tr>
|
||||||
<td>
|
<td>
|
||||||
<a href="https://www.c1fapp.com/" target="_blank">C1fApp</a>
|
<a href="https://www.c1fapp.com/" target="_blank">C1fApp</a>
|
||||||
</td>
|
</td>
|
||||||
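Review bot: this hunk's header reports a one-line change (`-59,7 +99,7`) but both sides render identically, so the difference is whitespace or line endings only; if that is intentional cleanup, say so in the commit message so the next reader does not hunt for a content change that is not there.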
@ -171,6 +211,14 @@ A certain amount of (domain- or business-specific) analysis is necessary to crea
|
|||||||
The DNS-BH project creates and maintains a listing of domains that are known to be used to propagate malware and spyware. These can be used for detection as well as prevention (sinkholing DNS requests).
|
The DNS-BH project creates and maintains a listing of domains that are known to be used to propagate malware and spyware. These can be used for detection as well as prevention (sinkholing DNS requests).
|
||||||
</td>
|
</td>
|
||||||
</tr>
|
</tr>
|
||||||
|
<tr>
|
||||||
|
<td>
|
||||||
|
<a href="http://www.openbl.org/lists.html" target="_blank">OpenBL.org</a>
|
||||||
|
</td>
|
||||||
|
<td>
|
||||||
|
A feed of IP addresses found to be attempting brute-force logins on services such as SSH, FTP, IMAP and phpMyAdmin and other web applications.
|
||||||
|
</td>
|
||||||
|
</tr>
|
||||||
<tr>
|
<tr>
|
||||||
<td>
|
<td>
|
||||||
<a href="https://openphish.com/phishing_feeds.html" target="_blank">OpenPhish Feeds</a>
|
<a href="https://openphish.com/phishing_feeds.html" target="_blank">OpenPhish Feeds</a>
|
||||||
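Review bot: the OpenBL.org description doubles "and" in "SSH, FTP, IMAP and phpMyAdmin and other web applications"; suggest "SSH, FTP, IMAP, phpMyAdmin and other web applications". The link also uses plain `http://`, worth checking for an https variant since the page is a feed index readers will script against.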
@ -213,6 +261,14 @@ A certain amount of (domain- or business-specific) analysis is necessary to crea
|
|||||||
A database of signatures used in other tools by Neo23x0.
|
A database of signatures used in other tools by Neo23x0.
|
||||||
</td>
|
</td>
|
||||||
</tr>
|
</tr>
|
||||||
|
<tr>
|
||||||
|
<td>
|
||||||
|
<a href="https://www.spamhaus.org/" target="_blank">The Spamhaus project</a>
|
||||||
|
</td>
|
||||||
|
<td>
|
||||||
|
The Spamhaus Project contains multiple threatlists associated with spam and malware activity.
|
||||||
|
</td>
|
||||||
|
</tr>
|
||||||
<tr>
|
<tr>
|
||||||
<td>
|
<td>
|
||||||
<a href="https://sslbl.abuse.ch/" target="_blank">SSL Blacklist</a>
|
<a href="https://sslbl.abuse.ch/" target="_blank">SSL Blacklist</a>
|
||||||
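Review bot: the anchor text "The Spamhaus project" and the description "The Spamhaus Project" disagree on capitalization; use the latter in both. The description promises "multiple threatlists" but the link goes to the site's homepage, whereas other entries in this table link to the feed itself; link to the lists overview or name the lists so a reader knows what to ingest.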
@ -221,6 +277,14 @@ A certain amount of (domain- or business-specific) analysis is necessary to crea
|
|||||||
SSL Blacklist (SSLBL) is a project maintained by abuse.ch. The goal is to provide a list of "bad" SSL certificates identified by abuse.ch to be associated with malware or botnet activities. SSLBL relies on SHA1 fingerprints of malicious SSL certificates and offers various blacklists
|
SSL Blacklist (SSLBL) is a project maintained by abuse.ch. The goal is to provide a list of "bad" SSL certificates identified by abuse.ch to be associated with malware or botnet activities. SSLBL relies on SHA1 fingerprints of malicious SSL certificates and offers various blacklists
|
||||||
</td>
|
</td>
|
||||||
</tr>
|
</tr>
|
||||||
|
<tr>
|
||||||
|
<td>
|
||||||
|
<a href="https://statvoo.com/dl/top-1million-sites.csv.zip" target="_blank">Statvoo Top 1 Million Sites</a>
|
||||||
|
</td>
|
||||||
|
<td>
|
||||||
|
Probable Whitelist of the top 1 million web sites, as ranked by Statvoo.
|
||||||
|
</td>
|
||||||
|
</tr>
|
||||||
<tr>
|
<tr>
|
||||||
<td>
|
<td>
|
||||||
<a href="https://strongarm.io" target="_blank">Strongarm, by Percipient Networks</a>
|
<a href="https://strongarm.io" target="_blank">Strongarm, by Percipient Networks</a>
|
||||||
|
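Review bot: the Statvoo entry is the third "Probable Whitelist" entry introduced by this PR, alongside Alexa and Cisco Umbrella, and each phrases the same idea differently ("top 1 Million sites", "top 1 million sites resolved", "top 1 million web sites"); settle on one wording and capitalization across the three. While editing this region, the unchanged SSLBL context line above ends with "offers various blacklists" and no full stop.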