Author Topic: Tests and other Media topics  (Read 310982 times)


Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 32816
  • malware fighter
Re: Tests and other Media topics
« Reply #855 on: November 22, 2020, 12:06:21 AM »
Various resources used at covert.io threat intelligence:
Quote
IOC Repositories
These repos contain threat intelligence generally updated manually when the respective orgs publish threat reports.

https://github.com/aptnotes/data
https://github.com/citizenlab/malware-indicators
https://github.com/da667/667s_Shitlist
https://github.com/eset/malware-ioc
https://github.com/fireeye/iocs
https://github.com/Neo23x0/signature-base/tree/master/iocs
https://github.com/pan-unit42/iocs
https://github.com/stamparm/maltrail/tree/master/trails/static/malware
https://github.com/stamparm/maltrail/tree/master/trails/static/suspicious
IOC Feeds
These URLs are data feeds of various types from scanning IPs from honeypots to C2 domains from malware sandboxes, and many other types. They were compiled from several sources, including (but not limited to): 1, 2, 3, 4, 5, 6. They are in alphabetical order.

http://antispam.imp.ch/wormlist
http://app.webinspector.com/recent_detections
http://atrack.h3x.eu/api/asprox_suspected.php
http://autoshun.org/files/shunlist.csv
http://blocklist.greensnow.co/greensnow.txt
http://botscout.com/last.htm
http://botscout.com/last_caught_cache.htm
http://charles.the-haleys.org/ssh_dico_attack_hdeny_format.php/hostsdeny.txt
http://cinsscore.com/list/ci-badguys.txt
http://cybercrime-tracker.net/all.php
http://cybercrime-tracker.net/ccam.php
http://cybercrime-tracker.net/ccpmgate.php
http://danger.rulez.sk/projects/bruteforceblocker/blist.php
http://data.netlab.360.com/feeds/dga/dga.txt
http://data.netlab.360.com/feeds/ek/magnitude.txt
http://data.netlab.360.com/feeds/ek/neutrino.txt
http://data.netlab.360.com/feeds/mirai-scanner/scanner.list
http://data.phishtank.com/data/online-valid.csv
http://dns-bh.sagadc.org/dynamic_dns.txt
http://feeds.dshield.org/top10-2.txt
http://hosts-file.net/?s=Browse&f=2014
http://labs.snort.org/feeds/ip-filter.blf
http://labs.sucuri.net/?malware
http://lists.blocklist.de/lists/all.txt
http://malc0de.com/bl/BOOT
http://malc0de.com/bl/IP_Blacklist.txt
http://malc0de.com/rss/
http://malwaredb.malekal.com/
http://malwaredomains.lehigh.edu/files/domains.txt
http://malwareurls.joxeankoret.com/normal.txt
http://mirror2.malwaredomains.com/files/immortal_domains.txt
http://mirror2.malwaredomains.com/files/justdomains
http://multiproxy.org/txt_all/proxy.txt
http://openphish.com/feed.txt
http://osint.bambenekconsulting.com/feeds/c2-dommasterlist-high.txt
http://osint.bambenekconsulting.com/feeds/c2-dommasterlist.txt
http://osint.bambenekconsulting.com/feeds/c2-ipmasterlist-high.txt
http://osint.bambenekconsulting.com/feeds/c2-ipmasterlist.txt
http://osint.bambenekconsulting.com/feeds/c2-masterlist.txt
http://osint.bambenekconsulting.com/feeds/dga-feed.txt
http://ransomwaretracker.abuse.ch
http://report.rutgers.edu/DROP/attackers
http://reputation.alienvault.com/reputation.data
http://rules.emergingthreats.net/blockrules/emerging-ciarmy.rules
http://rules.emergingthreats.net/blockrules/emerging-compromised.rules
http://rules.emergingthreats.net/fwrules/emerging-PF-CC.rules
http://rules.emergingthreats.net/open/suricata/rules/botcc.rules
http://rules.emergingthreats.net/open/suricata/rules/compromised-ips.txt
http://sblam.com/blacklist.txt
http://support.clean-mx.de/clean-mx/xmlviruses.php
http://torstatus.blutmagie.de/ip_list_exit.php/Tor_ip_list_EXIT.csv
http://tracker.h3x.eu/api/sites_1day.php
http://virbl.org/download/virbl.dnsbl.bit.nl.txt
http://vmx.yourcmc.ru/BAD_HOSTS.IP4
http://vxvault.net/URL_List.php
http://vxvault.siri-urz.net/URL_List.php
http://vxvault.siri-urz.net/ViriList.php
http://www.autoshun.org/files/shunlist.csv
http://www.blocklist.de/lists/apache.txt
http://www.blocklist.de/lists/asterisk.txt
http://www.blocklist.de/lists/bots.txt
http://www.blocklist.de/lists/courierimap.txt
http://www.blocklist.de/lists/courierpop3.txt
http://www.blocklist.de/lists/email.txt
http://www.blocklist.de/lists/ftp.txt
http://www.blocklist.de/lists/imap.txt
http://www.blocklist.de/lists/ircbot.txt
http://www.blocklist.de/lists/pop3.txt
http://www.blocklist.de/lists/postfix.txt
http://www.blocklist.de/lists/proftpd.txt
http://www.blocklist.de/lists/sip.txt
http://www.blocklist.de/lists/ssh.txt
http://www.botvrij.eu/data/ioclist.url
http://www.ciarmy.com/list/ci-badguys.txt
http://www.dshield.org/ipsascii.html?limit=10000
http://www.falconcrest.eu/IPBL.aspx
http://www.joewein.net/dl/bl/dom-bl-base.txt
http://www.joewein.net/dl/bl/dom-bl.txt
http://www.malware-traffic-analysis.net
http://www.malwareblacklist.com/showAllMalwareURL.php?userName=Guest&sessionID=&downloadOption=0
http://www.malwaredomainlist.com/hostslist/ip.txt
http://www.malwaredomainlist.com/updatescsv.php
http://www.malwaregroup.com/ipaddresses
http://www.michaelbrentecklund.com/whm-cpanel-cphulk-banlist-whm-cpanel-cphulk-blacklist/
http://www.mirc.com/servers.ini
http://www.nothink.org/blacklist/blacklist_malware_dns.txt
http://www.nothink.org/blacklist/blacklist_malware_http.txt
http://www.nothink.org/blacklist/blacklist_malware_irc.txt
http://www.nothink.org/blacklist/blacklist_snmp_2015.txt
http://www.nothink.org/blacklist/blacklist_ssh_day.txt
http://www.projecthoneypot.org/list_of_ips.php
http://www.spamhaus.org/drop/drop.txt
http://www.spamhaus.org/drop/edrop.txt
http://www.stopforumspam.com/downloads/listed_ip_1_all.zip
http://www.stopforumspam.com/downloads/toxic_ip_cidr.txt
http://www.urlvir.com/export-hosts/
http://www.voipbl.org/update/
https://atlas.arbor.net/summary/domainlist
https://dataplane.org/sshclient.txt
https://dataplane.org/sshpwauth.txt
https://disconnect.me/lists/malvertising
https://disconnect.me/lists/malwarefilter
https://dragonresearchgroup.org/insight/sshpwauth.txt
https://dragonresearchgroup.org/insight/vncprobe.txt
https://feodotracker.abuse.ch
https://github.com/stamparm/maltrail/blob/master/trails/static/mass_scanner.txt
https://gitlab.com/ZeroDot1/CoinBlockerLists/blob/master/list.txt
https://isc.sans.edu/feeds/daily_sources
https://isc.sans.edu/feeds/suspiciousdomains_High.txt
https://isc.sans.edu/feeds/suspiciousdomains_Low.txt
https://isc.sans.edu/feeds/suspiciousdomains_Medium.txt
https://isc.sans.edu/feeds/topips.txt
https://isc.sans.edu/ipsascii.html
https://lists.malwarepatrol.net/cgi/getfile?receipt=f1417692233&product=8&list=dansguardian
https://malc0de.com/bl/ZONES
https://malsilo.gitlab.io/feeds/dumps/url_list.txt
https://malwared.malwaremustdie.org/rss.php
https://malwared.malwaremustdie.org/rss_bin.php
https://malwared.malwaremustdie.org/rss_ssh.php
https://myip.ms/files/blacklist/htaccess/latest_blacklist.txt
https://onionoo.torproject.org/details?type=relay&running=true
https://palevotracker.abuse.ch
https://paste.cryptolaemus.com/feed.xml
https://raw.githubusercontent.com/botherder/targetedthreats/master/targetedthreats.csv
https://raw.githubusercontent.com/firehol/blocklist-ipsets/master/bitcoin_nodes_1d.ipset
https://raw.githubusercontent.com/firehol/blocklist-ipsets/master/botscout_1d.ipset
https://raw.githubusercontent.com/firehol/blocklist-ipsets/master/cruzit_web_attacks.ipset
https://raw.githubusercontent.com/firehol/blocklist-ipsets/master/malwaredomainlist.ipset
https://raw.githubusercontent.com/firehol/blocklist-ipsets/master/proxylists_1d.ipset
https://raw.githubusercontent.com/firehol/blocklist-ipsets/master/proxyrss_1d.ipset
https://raw.githubusercontent.com/firehol/blocklist-ipsets/master/proxyspy_1d.ipset
https://raw.githubusercontent.com/firehol/blocklist-ipsets/master/ri_web_proxies_30d.ipset
https://raw.githubusercontent.com/firehol/blocklist-ipsets/master/socks_proxy_7d.ipset
https://raw.githubusercontent.com/firehol/blocklist-ipsets/master/sslproxies_1d.ipset
https://raw.githubusercontent.com/futpib/policeman-rulesets/master/examples/simple_domains_blacklist.txt
https://raw.githubusercontent.com/Neo23x0/signature-base/master/iocs/otx-c2-iocs.txt
https://rules.emergingthreats.net/open/suricata/rules/emerging-dns.rules
https://secure.dshield.org/ipsascii.html?limit=1000
https://sslbl.abuse.ch
https://techhelplist.com/maltlqr/reports/dyreza.txt
https://techhelplist.com/pastes
https://techhelplist.com/spam-list
https://threatfeeds.io/
https://torstatus.blutmagie.de/ip_list_all.php/Tor_ip_list_ALL.csv
https://urlhaus.abuse.ch/downloads/csv/
https://www.badips.com/get/list/any/2?age=7d
https://www.circl.lu/doc/misp/feed-osint/
https://www.dan.me.uk/torlist/
https://www.hidemyass.com/vpn-config/l2tp/
https://www.malwaredomainlist.com/hostslist/hosts.txt
https://www.maxmind.com/en/anonymous_proxies
https://www.maxmind.com/en/high-risk-ip-sample-list
https://www.openbl.org/lists/base.txt
https://www.openbl.org/lists/base_all_ftp-only.txt
https://www.openbl.org/lists/base_all_http-only.txt
https://www.openbl.org/lists/base_all_smtp-only.txt
https://www.openbl.org/lists/base_all_ssh-only.txt
https://www.packetmail.net/iprep.txt
https://www.packetmail.net/iprep_CARISIRT.txt
https://www.packetmail.net/iprep_ramnode.txt
https://www.trustedsec.com/banlist.txt
https://www.turris.cz/greylist-data/greylist-latest.csv
https://zeustracker.abuse.ch


Also interesting (example): https://firewallban.dynu.net/search.php?submit=Search&search=2.57.122.96

Search engine to search for script snippet examples: https://publicwww.com/?q=

enjoy, my good friends, enjoy and have a good week,

polonus

Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Offline polonus

Re: Tests and other Media topics
« Reply #856 on: Today at 12:28:35 PM »
L.S.

If your origin servers are exposed, attackers can attack them directly and bypass any sort of protection you may have. Many large CDN companies have bad design which allows for serious security vulnerabilities.

Check website here: https://bitmitigate.com/origin-exposure-test.html?name=

polonus