Added several new threatlists

Added several threatlists
Simon Duff 2017-01-28 18:10:54 +08:00 committed by GitHub
parent b7bd716c09
commit fd5268d03e

@ -59,6 +59,30 @@ A certain amount of (domain- or business-specific) analysis is necessary to crea
Tracks several active botnets. Tracks several active botnets.
</td> </td>
</tr> </tr>
<tr>
<td>
<a href="http://danger.rulez.sk/projects/bruteforceblocker/" target="_blank">BruteForceBlocker</a>
</td>
<td>
BruteForceBlocker is a perl script that monitors a server's sshd logs and identifies brute force attacks, which it then uses to automatically configure firewall blocking rules and submit those IPs back to the project site, <a href="http://danger.rulez.sk/projects/bruteforceblocker/blist.php">http://danger.rulez.sk/projects/bruteforceblocker/blist.php</a>.
</td>
</tr>
<tr>
<td>
<a href="http://osint.bambenekconsulting.com/feeds/c2-ipmasterlist.txt" target="_blank">C&amp;C Tracker</a>
</td>
<td>
A feed of known, active and non-sinkholed C&amp;C IP addresses, from Bambenek Consulting.
</td>
</tr>
<tr>
<td>
<a href="http://cinsscore.com/list/ci-badguys.txt" target="_blank">CI Army List</a>
</td>
<td>
A subset of the commercial <a href="http://cinsscore.com/">CINS Score</a> list, focused on poorly rated IPs that are not currently present on other threatlists.
</td>
</tr>
<tr> <tr>
<td> <td>
<a href="http://s3-us-west-1.amazonaws.com/umbrella-static/index.html" target="_blank">Cisco Umbrella</a> <a href="http://s3-us-west-1.amazonaws.com/umbrella-static/index.html" target="_blank">Cisco Umbrella</a>
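Review bot: In the BruteForceBlocker row the description explains how the Perl script works and only reaches the list itself in a trailing link to blist.php, so a reader scanning the table for feeds has to dig for the URL they would actually consume. Consider leading with what the list contains, as the C&amp;C Tracker and CI Army List rows do. The two links inside descriptions (blist.php and http://cinsscore.com/) also lack the target="_blank" that every first-column anchor carries, and "perl" should be capitalised as "Perl". All three new rows use plain http:// links; if the sites serve HTTPS, prefer it, since these lists are often pulled into blocking rules and an unauthenticated fetch can be altered in transit.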
@ -187,6 +211,14 @@ A certain amount of (domain- or business-specific) analysis is necessary to crea
The DNS-BH project creates and maintains a listing of domains that are known to be used to propagate malware and spyware. These can be used for detection as well as prevention (sinkholing DNS requests). The DNS-BH project creates and maintains a listing of domains that are known to be used to propagate malware and spyware. These can be used for detection as well as prevention (sinkholing DNS requests).
</td> </td>
</tr> </tr>
<tr>
<td>
<a href="http://www.openbl.org/lists.html" target="_blank">OpenBL.org</a>
</td>
<td>
A feed of IP addresses found to be attempting brute-force logins on services such as SSH, FTP, IMAP and phpMyAdmin and other web applications.
</td>
</tr>
<tr> <tr>
<td> <td>
<a href="https://openphish.com/phishing_feeds.html" target="_blank">OpenPhish Feeds</a> <a href="https://openphish.com/phishing_feeds.html" target="_blank">OpenPhish Feeds</a>
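Review bot: The OpenBL.org description chains two conjunctions ("SSH, FTP, IMAP and phpMyAdmin and other web applications"), which makes it unclear whether phpMyAdmin is being listed as a service or as one of the web applications. Something like "services such as SSH, FTP and IMAP, and on web applications such as phpMyAdmin" reads unambiguously. The link is also plain http://, while the neighbouring OpenPhish row uses https://; switch if the site supports it.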
@ -229,6 +261,14 @@ A certain amount of (domain- or business-specific) analysis is necessary to crea
A database of signatures used in other tools by Neo23x0. A database of signatures used in other tools by Neo23x0.
</td> </td>
</tr> </tr>
<tr>
<td>
<a href="https://www.spamhaus.org/" target="_blank">The Spamhaus project</a>
</td>
<td>
The Spamhaus Project contains multiple threatlists associated with spam and malware activity.
</td>
</tr>
<tr> <tr>
<td> <td>
<a href="https://sslbl.abuse.ch/" target="_blank">SSL Blacklist</a> <a href="https://sslbl.abuse.ch/" target="_blank">SSL Blacklist</a>
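Review bot: The Spamhaus row is too vague to act on: the description only says the project "contains multiple threatlists associated with spam and malware activity" and the anchor points at the site root, so the reader learns neither which lists are meant nor where to fetch them. Name the specific lists and link to their page, as the other rows added in this commit do for their feeds. The capitalisation is also inconsistent between the link text ("The Spamhaus project") and the description ("The Spamhaus Project"), and the leading "The" in the link text makes the row's sort position in the table ambiguous next to entries such as SSL Blacklist.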