Categories: Resources

Threat Intelligence

  • ThreatCrowd – A free threat intel tool for pivoting on domains/ips/emails/av/locations within the site / Maltego / Api.
  • abuse.ch – ZeuS Tracker / SpyEye Tracker / Palevo Tracker / Feodo Tracker tracks Command&Control servers (hosts) around the world and provides you a domain- and an IP-blocklist.
  • Emerging Threats – Open Source – Emerging Threats began 10 years ago as an open source community for collecting Suricata and SNORT® rules, firewall rules, and other IDS rule-sets. The open source community still plays an active role in Internet security, with more than 200,000 active users downloading the ruleset daily. The ETOpen Ruleset is open to any user or organization, as long as you follow some basic guidelines. Our ETOpen Ruleset is available for download any time.
  • PhishTank – PhishTank is a collaborative clearing house for data and information about phishing on the Internet. Also, PhishTank provides an open API for developers and researchers to integrate anti-phishing data into their applications at no charge.
  • SBL / XBL / PBL / DBL / DROP / ROKSO – The Spamhaus Project is an international nonprofit organization whose mission is to track the Internet’s spam operations and sources, to provide dependable realtime anti-spam protection for Internet networks, to work with Law Enforcement Agencies to identify and pursue spam and malware gangs worldwide, and to lobby governments for effective anti-spam legislation.
  • Internet Storm Center – The ISC was created in 2001 following the successful detection, analysis, and widespread warning of the Li0n worm. Today, the ISC provides a free analysis and warning service to thousands of Internet users and organizations, and is actively working with Internet Service Providers to fight back against the most malicious attackers.
  • AlienVault Open Threat Exchange – AlienVault Open Threat Exchange (OTX), to help you secure your networks from data loss, service disruption and system compromise caused by malicious IP addresses.
  • Tor Bulk Exit List – CollecTor, your friendly data-collecting service in the Tor network. CollecTor fetches data from various nodes and services in the public Tor network and makes it available to the world. If you’re doing research on the Tor network, or if you’re developing an application that uses Tor network data, this is your place to start. TOR Node List / DNS Blacklists
  • OpenVAS NVT Feed – The public feed of Network Vulnerability Tests (NVTs). It contains more than 35,000 NVTs (as of April 2014), growing on a daily basis. This feed is configured as the default for OpenVAS.
  • Project Honey Pot – Project Honey Pot is the first and only distributed system for identifying spammers and the spambots they use to scrape addresses from your website. Using the Project Honey Pot system you can install addresses that are custom-tagged to the time and IP address of a visitor to your site. If one of these addresses begins receiving email we not only can tell that the messages are spam, but also the exact moment when the address was harvested and the IP address that gathered it.
  • virustotal – VirusTotal, a subsidiary of Google, is a free online service that analyzes files and URLs enabling the identification of viruses, worms, trojans and other kinds of malicious content detected by antivirus engines and website scanners. At the same time, it may be used as a means to detect false positives, i.e. innocuous resources detected as malicious by one or more scanners.
  • IntelMQ – IntelMQ is a solution for CERTs for collecting and processing security feeds, pastebins, tweets using a message queue protocol. It’s a community driven initiative called IHAP (Incident Handling Automation Project) which was conceptually designed by European CERTs during several InfoSec events. Its main goal is to give to incident responders an easy way to collect & process threat intelligence thus improving the incident handling processes of CERTs. ENSIA Homepage.
  • CIFv3 – CIF is a cyber threat intelligence management system. CIF allows you to combine known malicious threat information from many sources and use that information for identification (incident response), detection (IDS) and mitigation (null route).
  • MISP – Open Source Threat Intelligence Platform – MISP threat sharing platform is a free and open source software helping information sharing of threat intelligence including cyber security indicators. A threat intelligence platform for gathering, sharing, storing and correlating Indicators of Compromise of targeted attacks, threat intelligence, financial fraud information, vulnerability information or even counter-terrorism information. The MISP project includes software, common libraries (taxonomies, threat-actors and various malware), an extensive data model to share new information using objects and default feeds.
  • PhishStats – Phishing Statistics with search for IP, domain and website title.
  • URLVOID – This service helps you to identify websites involved in malware incidents, fraudulent activities, fake shopping sites, phishing websites.
  • IPVOID – The usage is very simple, just insert the IP address in the form below and press the button.
  • Central Ops – Free online network tools
  • Forcepoint CSI – CSI ACE Insight is a tool for assessing the current state and risk level of a web link or IP address.
  • AbuseIPDB – making the internet safer, one IP at a time
«
»
Stay up to date with the latest cyber news: