Author Topic: ThreatFox | Share Indicators of Compromise (IOC's)  (Read 3620 times)

0 Members and 1 Guest are viewing this topic.

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33748
  • malware fighter
ThreatFox | Share Indicators of Compromise (IOC's)
« on: March 08, 2021, 06:02:43 PM »
Excellent initiative by the maker of URLhaus.
IoC's transformed into ClamAV-, YARA -, Snort -, Suricata-rules

https://en.wikipedia.org/wiki/Clam_AntiVirus
https://nl.wikipedia.org/wiki/Snort
https://en.wikipedia.org/wiki/Suricata_(software)

polonus
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 88159
  • No support PMs thanks
Re: ThreatFox | Share Indicators of Compromise (IOC's)
« Reply #1 on: March 08, 2021, 06:25:47 PM »

Your 3rd URL doesn't work, the ) at end of URL (not encapsulated within URL tags) and not thought to be part of the URL.

https://en.wikipedia.org/wiki/Suricata_(software)
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 23.9.6082 (build 23.9.8494.792) UI 1.0.781/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33748
  • malware fighter
Re: ThreatFox | Share Indicators of Compromise (IOC's)
« Reply #2 on: March 09, 2021, 12:09:17 AM »
Hi DavidR,

Slip of the proverbial link -indeed - it is https://en.wikipedia.org/wiki/Suricata_(software)
Thanks for correcting what I overlooked as the way-back machine still would have taken you there,
despite the lack of that second ).

However that initiative is a sound one, and I hope that avast will also "borrow" from such resources.
URLHaus is a reliable source for bot malcode all sorts.

Kind regards,

Damian
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 88159
  • No support PMs thanks
Re: ThreatFox | Share Indicators of Compromise (IOC's)
« Reply #3 on: March 09, 2021, 12:36:25 AM »
Hi DavidR,

Slip of the proverbial link -indeed - it is https://en.wikipedia.org/wiki/Suricata_(software)
Thanks for correcting what I overlooked as the way-back machine still would have taken you there,
despite the lack of that second ).

However that initiative is a sound one, and I hope that avast will also "borrow" from such resources.
URLHaus is a reliable source for bot malcode all sorts.

Kind regards,

Damian

You're welcome, though its still the same, unless you wrap it in URL tags
Code: [Select]
[URL]https://en.wikipedia.org/wiki/Suricata_(software)[/url]
There also used to be a SpamHaus resource to check suspect spam emails, presumably the same company/organisation, etc..
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 23.9.6082 (build 23.9.8494.792) UI 1.0.781/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33748
  • malware fighter
Re: ThreatFox | Share Indicators of Compromise (IOC's)
« Reply #4 on: March 10, 2021, 10:32:34 PM »
Hi DavidR,

It is like it is, dear DavidR, that is how I stumbled upon it.
Threatfox, a community driven initiative, and that makes it more acceptable and sympathetic.
All reports to URLHaus are also made by people that report there.

And we, here, aren't we not also into such activities.
A friendly forum community is a big help for the end-user.

Good to be part of it,

polonus
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!