Open Source Threat Intelligence feeds (draft)

Threat Profiling Tiers

 

  1. https://github.com/hslatman/awesome-threat-intelligence
  2. https://www.recordedfuture.com/threat-intelligence-sources/
  3. https://threatfeeds.io/
  4. https://www.threatcrowd.org/
  5. Spamhaus
  6. https://rules.emergingthreats.net/fwrules/emerging-Block-IPs.txt
  7. https://check.torproject.org/exit-addresses
  8. https://www.alienvault.com/open-threat-exchange
  9. https://www.misp-project.org/feeds/
  10. https://www.c1fapp.com/
  11. https://www.darkreading.com/threat-intelligence/8-low-or-no-cost-sources-of-threat-intelligence——-/d/d-id/1330447?image_number=2
  12. http://www.senki.org/operators-security-toolkit/open-source-threat-intelligence-feeds/
  13. https://digital-forensics.sans.org/summit-archives/DFIR_Summit/Open-Source-Threat-Intelligence-Kyle-Maxwell.pdf
  14. File Names
  15. OpenSCP
  16. https://www.nist.gov/itl/ssd/software-quality-group/nsrl-download
  17. https://www.paloaltonetworks.com/products/secure-the-network/subscriptions/minemeld
  18. Indicators of Compromise
    1. File Names
    2. IPs
    3. URLs
    4. Domains
    5. File Hash
    6. Yara Rules
| Group name | Reconnaissance | Credential harvesting |
|---|---|---|
| Tick | whoami, procdump, VBS | WCE, Mimikatz, gsecdump |
| Waterbug | systeminfo, net, tasklist, gpresult | WCE, pwdump |
| Suckfly | tcpscan, smbscan | WCE, gsecdump, credentialdumper |
| Fritillary | PowerShell, sdelete | Mimikatz, PowerShell |
| Destroyer | Disk usage, event log viewer | kerberos manipulator |
| Chafer | network scanner, SMB bruteforcer | WCE, Mimikatz, gsecdump |
| Greenbug | Broutlook | WCE, gsecdump, browdump |
| Buckeye | os info, user info, smb enumerator | pwdump, Lazagne, chromedump |
| Billbug | ver, net, gpresult, systeminfo, ipconfig | |
| Appleworm | net, netsh, query, telnet, find | dumping SAM |