From fd5268d03e5bcb7b70c7904b1efd258deaa4049e Mon Sep 17 00:00:00 2001 From: Simon Duff Date: Sat, 28 Jan 2017 18:10:54 +0800 Subject: [PATCH] Added several new threatlists Added several threatlists --- README.md | 40 ++++++++++++++++++++++++++++++++++++++++ 1 file changed, 40 insertions(+) diff --git a/README.md b/README.md index 0ac6981..71402ee 100644 --- a/README.md +++ b/README.md @@ -59,6 +59,30 @@ A certain amount of (domain- or business-specific) analysis is necessary to crea Tracks several active botnets. + + + BruteForceBlocker + + + BruteForceBlocker is a perl script that monitors a server's sshd logs and identifies brute force attacks, which it then uses to automatically configure firewall blocking rules and submit those IPs back to the project site, http://danger.rulez.sk/projects/bruteforceblocker/blist.php. + + + + + C&C Tracker + + + A feed of known, active and non-sinkholed C&C IP addresses, from Bambenek Consulting. + + + + + CI Army List + + + A subset of the commercial CINS Score list, focused on poorly rated IPs that are not currently present on other threatlists. + + Cisco Umbrella @@ -187,6 +211,14 @@ A certain amount of (domain- or business-specific) analysis is necessary to crea The DNS-BH project creates and maintains a listing of domains that are known to be used to propagate malware and spyware. These can be used for detection as well as prevention (sinkholing DNS requests). + + + OpenBL.org + + + A feed of IP addresses found to be attempting brute-force logins on services such as SSH, FTP, IMAP and phpMyAdmin and other web applications. + + OpenPhish Feeds @@ -229,6 +261,14 @@ A certain amount of (domain- or business-specific) analysis is necessary to crea A database of signatures used in other tools by Neo23x0. + + + The Spamhaus project + + + The Spamhaus Project contains multiple threatlists associated with spam and malware activity. + + SSL Blacklist