Hugo-C
commented
2 months ago Working on it through: https://github.com/Hugo-C/threatfox-daily-c2
Open Hugo-C opened 5 months ago
Hugo-C
commented
2 months ago Working on it through: https://github.com/Hugo-C/threatfox-daily-c2
We want to regularly query Threatfox, in particular https://threatfox.abuse.ch/browse/tag/c2/ through their API. If the host respond and the hash is not in top-1M we can then flag it as suspicious, and possibly serve it to an API/store it somewhere.