Open Hugo-C opened 5 months ago
We want to regularly query Threatfox, in particular https://threatfox.abuse.ch/browse/tag/c2/ through their API. If the host respond and the hash is not in top-1M we can then flag it as suspicious, and possibly serve it to an API/store it somewhere.
Working on it through: https://github.com/Hugo-C/threatfox-daily-c2
We want to regularly query Threatfox, in particular https://threatfox.abuse.ch/browse/tag/c2/ through their API. If the host respond and the hash is not in top-1M we can then flag it as suspicious, and possibly serve it to an API/store it somewhere.