From 5d13dc585094e251037a6ab3cad1d2c596b1d678 Mon Sep 17 00:00:00 2001 From: Jurriaan Bremer Date: Tue, 28 Feb 2017 18:48:19 +0100 Subject: [PATCH 1/5] Surely Cuckoo should be represented here ;-) --- README.md | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/README.md b/README.md index 336efa2..19de398 100644 --- a/README.md +++ b/README.md @@ -748,6 +748,14 @@ All kinds of tools for parsing, creating and editing Threat Intelligence. Mostly The framework automatically downloads recent samples, which triggered an alert on the users YARA notification feed. + + + Cuckoo Sandbox + + + Cuckoo Sandbox is an automated dynamic malware analysis system. It's the most well-known open source malware analysis sandbox around and is frequently deployed by researchers, CERT/SOC teams, and threat intelligence teams all around the globe. For many organizations Cuckoo Sandbox provides a first insight into potential malware samples. + + Fenrir From 4e16afdb260426a739c2470cc41fa09c4302bb58 Mon Sep 17 00:00:00 2001 From: Herman Slatman Date: Tue, 28 Feb 2017 22:50:19 +0100 Subject: [PATCH 2/5] Add the WI2017 paper on Threat Intelligence Sharing Platforms --- README.md | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/README.md b/README.md index 336efa2..c1f3027 100644 --- a/README.md +++ b/README.md 
@@ -1234,6 +1234,14 @@ All kinds of reading material about Threat Intelligence. Includes (scientific) r This report by MWR InfoSecurity clearly describes several diffent types of threat intelligence, including strategic, tactical and operational variations. It also discusses the processes of requirements elicitation, collection, analysis, production and evaluation of threat intelligence. Also included are some quick wins and a maturity model for each of the types of threat intelligence defined by MWR InfoSecurity. + + + Threat Intelligence Sharing Platforms: An Exploratory Study of Software Vendors and Research Perspectives + + + A systematic study of 22 Threat Intelligence Sharing Platforms surfacing eight key findings about the gap between existing products and what properties a product should have. + + Traffic Light Protocol From 22814b38c9bfc47397c34d829d9c43375c82509e Mon Sep 17 00:00:00 2001 From: Herman Slatman Date: Tue, 28 Feb 2017 23:06:17 +0100 Subject: [PATCH 3/5] Reword the description for the TISPs paper --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index c1f3027..8bd5566 100644 --- a/README.md +++ b/README.md @@ -1239,7 +1239,7 @@ All kinds of reading material about Threat Intelligence. Includes (scientific) r Threat Intelligence Sharing Platforms: An Exploratory Study of Software Vendors and Research Perspectives - A systematic study of 22 Threat Intelligence Sharing Platforms surfacing eight key findings about the gap between existing products and what properties a product should have. + A systematic study of 22 Threat Intelligence Sharing Platforms (TISP) surfacing eight key findings about the current state of threat intelligence usage, its definition and TISPs. From b7659b3b9c62e21d7b6c3e17980b505849183656 Mon Sep 17 00:00:00 2001 
From: Tomas Hertus Date: Wed, 8 Mar 2017 15:12:33 -0800 Subject: [PATCH 4/5] Adding Metadefender.com Threat Intelligence Feeds --- README.md | 12 ++++++++++-- 1 file changed, 10 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index 7e06ce5..f43217c 100644 --- a/README.md +++ b/README.md @@ -80,7 +80,7 @@ A certain amount of (domain- or business-specific) analysis is necessary to crea CI Army List - A subset of the commercial CINS Score list, focused on poorly rated IPs that are not currently present on other threatlists. + A subset of the commercial CINS Score list, focused on poorly rated IPs that are not currently present on other threatlists. @@ -211,12 +211,20 @@ A certain amount of (domain- or business-specific) analysis is necessary to crea The DNS-BH project creates and maintains a listing of domains that are known to be used to propagate malware and spyware. These can be used for detection as well as prevention (sinkholing DNS requests). + + + Metadefender.com + + + Metadefender Cloud Threat Intelligence Feeds contains top new malware hash signatures, including MD5, SHA1, and SHA256. These new malicious hashes have been spotted by Metadefender Cloud within the last 24 hours. The feeds are updated daily with newly detected and reported malware to provide actionable and timely threat intelligence. + + OpenBL.org - A feed of IP addresses found to be attempting brute-force logins on services such as SSH, FTP, IMAP and phpMyAdmin and other web applications. + A feed of IP addresses found to be attempting brute-force logins on services such as SSH, FTP, IMAP and phpMyAdmin and other web applications. From 0340ae084e26f91e06eac9363f409b17af7d8649 Mon Sep 17 00:00:00 2001 From: 53686f63636f <53686f63636f@gmail.com> Date: Thu, 23 Mar 2017 15:41:47 -0700 Subject: [PATCH 5/5] Update README.md fixed formatting --- README.md | 1 - 1 file changed, 1 deletion(-) diff --git a/README.md b/README.md index f43217c..de992b2 100644 --- a/README.md 
+++ b/README.md @@ -258,7 +258,6 @@ A certain amount of (domain- or business-specific) analysis is necessary to crea The Suspicious Domains Threat Lists by SANS ICS tracks suspicious domains. It offers 3 lists categorized as either high, medium or low sensitivity, where the high sensitivity list has fewer false positives, whereas the low sensitivty list with more false positives. There is also an approved whitelist of domains.
Finally, there is a suggested IP blocklist from DShield. -
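Review bot: The Cuckoo Sandbox description in PATCH 1/5 (hunk @@ -748) reads as promotional rather than descriptive: "It's the most well-known open source malware analysis sandbox around" is an unverifiable superlative that the other entries in this tools section avoid. Keep the factual first sentence ("an automated dynamic malware analysis system") and the deployment sentence, and replace the superlative with neutral wording such as "a widely deployed open source malware analysis sandbox".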
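Review bot: The entry added at @@ -1234 in PATCH 2/5 omits the venue and year that the commit subject names (WI2017); the neighbouring item in this reading-material section credits its publisher ("This report by MWR InfoSecurity ..."), so the description should likewise state who published the study and where it appeared. The same description is rewritten in PATCH 3/5, so squash the two commits rather than landing an intermediate wording. While editing this region, the context line above the insertion has a typo ("diffent" should read "different").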
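Review bot: In the reworded line of PATCH 3/5 (hunk @@ -1239) the abbreviation is introduced as "(TISP)" but used as "TISPs" later in the same sentence; introduce it as "(TISPs)" after the plural noun, and add a comma after the parenthesis so "surfacing eight key findings" reads as a participle clause. "its definition" is also ambiguous (threat intelligence or its usage); "how threat intelligence is defined" removes the ambiguity.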
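Review bot: The CI Army List hunk in PATCH 4/5 (@@ -80) shows a removed and an added line with identical text, so it is a whitespace-only change (trailing whitespace or indentation) unrelated to the Metadefender addition named in the commit subject. Drop it from this commit, or move it to a separate formatting commit, so the diff stays reviewable and `git blame` on that entry keeps pointing at the change that introduced it.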
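Review bot: The Metadefender.com description in PATCH 4/5 (hunk @@ -211) has a subject-verb agreement error: "Metadefender Cloud Threat Intelligence Feeds contains" should be "contain", or the sentence should start "The Metadefender Cloud Threat Intelligence feed contains". "malware hash signatures, including MD5, SHA1, and SHA256" is clearer as "malware hashes (MD5, SHA1 and SHA256)". The last two lines of the hunk replace the OpenBL.org sentence with identical text, another whitespace-only change that does not belong in this commit.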
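Review bot: The commit message for PATCH 5/5 ("Update README.md fixed formatting") does not say what was fixed; the hunk at @@ -258 only deletes one line after the DShield sentence (the trailing "-"), so a subject such as "Remove stray line after SANS ICS Suspicious Domains entry" would make the history searchable. The unchanged context in the same hunk has a typo ("sensitivty") and a missing verb ("whereas the low sensitivity list with more false positives" should read "whereas the low sensitivity list has more false positives"); both could be fixed in a follow-up commit touching the same block.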