Merge pull request #70 from hslatman/hs_january

Add contributions of @sduff and fix issues
master
Herman Slatman 2017-01-28 12:02:12 +01:00 committed by GitHub
commit cccbe9a5dd
2 changed files with 66 additions and 2 deletions


@ -4,4 +4,4 @@ rvm:
before_script:
- gem install awesome_bot
script:
- awesome_bot README.md --white-list CONTRIBUTING.md,https://www.threatcrowd.org/,https://intel.deepviz.com/recap_network.php,https://www.fireeye.com/services/freeware/ioc-editor.html,https://www.threatconnect.com/wp-content/uploads/ThreatConnect-The-Diamond-Model-of-Intrusion-Analysis.pdf,http://www.dtic.mil/dtic/tr/fulltext/u2/a547092.pdf,http://www.dtic.mil/doctrine/new_pubs/jp2_0.pdf,http://www.amazon.com/Structured-Analytic-Techniques-Intelligence-Analysis/dp/1452241511,https://sslbl.abuse.ch/,https://soltra.com/,https://cryptome.org/2015/09/cti-guide.pdf,https://intel.criticalstack.com/,https://car.mitre.org/wiki/Main_Page,http://dx.doi.org/10.6028/NIST.SP.800-150,https://bitbucket.org/camp0/aiengine,https://www.abuse.ch/,https://www.recordedfuture.com/,https://isc.sans.edu/suspicious_domains.html
- awesome_bot README.md --white-list CONTRIBUTING.md,https://www.threatcrowd.org/,https://intel.deepviz.com/recap_network.php,https://www.fireeye.com/services/freeware/ioc-editor.html,https://www.threatconnect.com/wp-content/uploads/ThreatConnect-The-Diamond-Model-of-Intrusion-Analysis.pdf,http://www.dtic.mil/dtic/tr/fulltext/u2/a547092.pdf,http://www.dtic.mil/doctrine/new_pubs/jp2_0.pdf,http://www.amazon.com/Structured-Analytic-Techniques-Intelligence-Analysis/dp/1452241511,https://sslbl.abuse.ch/,https://soltra.com/,https://cryptome.org/2015/09/cti-guide.pdf,https://intel.criticalstack.com/,https://car.mitre.org/wiki/Main_Page,http://dx.doi.org/10.6028/NIST.SP.800-150,https://bitbucket.org/camp0/aiengine,https://www.abuse.ch/,https://www.recordedfuture.com/,https://isc.sans.edu/suspicious_domains.html,http://danger.rulez.sk/projects/bruteforceblocker/blist.php
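Review bot: whitelisting `http://danger.rulez.sk/projects/bruteforceblocker/blist.php` in the same change that introduces it to README means awesome_bot will never validate that link, so a moved or dead page goes unnoticed; a short comment in `.travis.yml` recording why each whitelisted URL is skipped (bot blocking, login wall, and so on) would let later maintainers know when an entry can be dropped again. The `--white-list` argument has also grown into a single very long comma-separated line, so every addition shows up as a full-line rewrite in the diff; splitting the list out of the one-line command (for example building it one URL per line in a shell variable before the call) would keep future changes reviewable.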


@ -19,6 +19,14 @@ Some consider these sources as threat intelligence, opinions differ however.
A certain amount of (domain- or business-specific) analysis is necessary to create true threat intelligence.
<table>
<tr>
<td>
<a href="http://s3.amazonaws.com/alexa-static/top-1m.csv.zip" target="_blank">Alexa Top 1 Million sites</a>
</td>
<td>
Probable Whitelist of the top 1 Million sites from Amazon(Alexa).
</td>
</tr>
<tr>
<td>
<a href="https://docs.google.com/spreadsheets/u/1/d/1H9_xaxQHpWaa4O_Son4Gx0YOIzlcBWMsdvePFX68EKU/pubhtml" target="_blank">APT Groups and Operations</a>
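Review bot: the Alexa description reads `Amazon(Alexa)`; add the missing space (`Amazon (Alexa)`) and use lower-case "1 million" to match the Cisco Umbrella and Statvoo rows added in this same PR. The feed URL is plain `http://`; because this list is meant to be used as a whitelist that suppresses alerts, fetching it over HTTPS (`https://s3.amazonaws.com/alexa-static/top-1m.csv.zip`) removes the chance of a modified copy being trusted in transit.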
@ -51,6 +59,38 @@ A certain amount of (domain- or business-specific) analysis is necessary to crea
Tracks several active botnets.
</td>
</tr>
<tr>
<td>
<a href="http://danger.rulez.sk/projects/bruteforceblocker/" target="_blank">BruteForceBlocker</a>
</td>
<td>
BruteForceBlocker is a perl script that monitors a server's sshd logs and identifies brute force attacks, which it then uses to automatically configure firewall blocking rules and submit those IPs back to the project site, <a href="http://danger.rulez.sk/projects/bruteforceblocker/blist.php">http://danger.rulez.sk/projects/bruteforceblocker/blist.php</a>.
</td>
</tr>
<tr>
<td>
<a href="http://osint.bambenekconsulting.com/feeds/c2-ipmasterlist.txt" target="_blank">C&amp;C Tracker</a>
</td>
<td>
A feed of known, active and non-sinkholed C&amp;C IP addresses, from Bambenek Consulting.
</td>
</tr>
<tr>
<td>
<a href="http://cinsscore.com/list/ci-badguys.txt" target="_blank">CI Army List</a>
</td>
<td>
A subset of the commercial <a href="http://cinsscore.com/">CINS Score</a> list, focused on poorly rated IPs that are not currently present on other threatlists.
</td>
</tr>
<tr>
<td>
<a href="http://s3-us-west-1.amazonaws.com/umbrella-static/index.html" target="_blank">Cisco Umbrella</a>
</td>
<td>
Probable Whitelist of the top 1 million sites resolved by Cisco Umbrella (was OpenDNS).
</td>
</tr>
<tr>
<td>
<a href="https://intel.criticalstack.com/" target="_blank">Critical Stack Intel</a>
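Review bot: the inline `blist.php` anchor in the BruteForceBlocker cell and the CINS Score anchor in the CI Army List cell both omit `target="_blank"`, unlike every other link in the table; add it for consistency. Since the table lists feeds, consider making the `blist.php` URL the row's headline link and keeping the project page as the inline reference, as the current headline link points at the tool rather than the data. Minor wording: "perl script" should read "Perl script". The C&amp;C Tracker and CI Army List feed URLs are plain `http://`; where those providers serve HTTPS, prefer it, as these lists feed blocking decisions.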
@ -171,6 +211,14 @@ A certain amount of (domain- or business-specific) analysis is necessary to crea
The DNS-BH project creates and maintains a listing of domains that are known to be used to propagate malware and spyware. These can be used for detection as well as prevention (sinkholing DNS requests).
</td>
</tr>
<tr>
<td>
<a href="http://www.openbl.org/lists.html" target="_blank">OpenBL.org</a>
</td>
<td>
A feed of IP addresses found to be attempting brute-force logins on services such as SSH, FTP, IMAP and phpMyAdmin and other web applications.
</td>
</tr>
<tr>
<td>
<a href="https://openphish.com/phishing_feeds.html" target="_blank">OpenPhish Feeds</a>
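Review bot: the OpenBL.org description has a doubled conjunction ("IMAP and phpMyAdmin and other web applications"); suggest "SSH, FTP, IMAP, phpMyAdmin and other web applications". The link goes to the lists index page rather than one feed, which is fine as long as the README is consistent about that for the other aggregator rows.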
@ -213,6 +261,14 @@ A certain amount of (domain- or business-specific) analysis is necessary to crea
A database of signatures used in other tools by Neo23x0.
</td>
</tr>
<tr>
<td>
<a href="https://www.spamhaus.org/" target="_blank">The Spamhaus project</a>
</td>
<td>
The Spamhaus Project contains multiple threatlists associated with spam and malware activity.
</td>
</tr>
<tr>
<td>
<a href="https://sslbl.abuse.ch/" target="_blank">SSL Blacklist</a>
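Review bot: the link text says "The Spamhaus project" while the description says "The Spamhaus Project"; pick one capitalisation. The anchor points at the homepage, but the description says the project "contains multiple threatlists"; linking to the page that lists those feeds, or naming which of them are spam versus malware oriented, would make the row as actionable as the other feed entries.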
@ -221,6 +277,14 @@ A certain amount of (domain- or business-specific) analysis is necessary to crea
SSL Blacklist (SSLBL) is a project maintained by abuse.ch. The goal is to provide a list of "bad" SSL certificates identified by abuse.ch to be associated with malware or botnet activities. SSLBL relies on SHA1 fingerprints of malicious SSL certificates and offers various blacklists
</td>
</tr>
<tr>
<td>
<a href="https://statvoo.com/dl/top-1million-sites.csv.zip" target="_blank">Statvoo Top 1 Million Sites</a>
</td>
<td>
Probable Whitelist of the top 1 million web sites, as ranked by Statvoo.
</td>
</tr>
<tr>
<td>
<a href="https://strongarm.io" target="_blank">Strongarm, by Percipient Networks</a>
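Review bot: the Statvoo row is the third "Probable Whitelist" entry added in this PR (alongside Alexa and Cisco Umbrella) and each phrases it differently ("top 1 Million sites", "top 1 million sites", "top 1 million web sites"); standardise on one form so readers can spot the whitelist rows at a glance. The description also has a stray double space before "as ranked by Statvoo".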