Closed SYNchroACK closed 4 years ago
OMG!! So much juice.......!!!!!!
Tomas, I'm wondering how we can evaluate the false positives or false negatives with this huge amount of intel. This kind of stuff makes me think that the event record structure should have some kind of field that represents the level of trust of the collected info.
I think @mauroasilva is one step ahead heheh :)
Always late hehehe:)
I converted the original list to a checklist and marked the implemented ones, so we have a better overview.
Cool, thx. Added n6.
New shadowserver feeds:
- [x] accessible SMB: https://www.shadowserver.org/wiki/pmwiki.php/Services/Accessible-SMB
@cert-bund has done this. Currently I'm reviewing the config. PR will come soon. PR https://github.com/certtools/intelmq/pull/1028
PR for Zone-H's CSV email feed: #1015 (note this is a country-code specific feed, rather than scraping the public RSS feed - that may be separate if there's demand).
@kruisdraad Thanks, removed it from the list
These don't work either:
- http://abusix.org/service/spamfeeds
- http://qwe.affairedhonneur.us/depqfie59y
- https://github.com/animus-project/threat_data
- https://1d4.us/archive/
- http://www.blade-defender.org/eval-lab/
- http://www.infiltrated.net/ [all of them]

Either 404, no DNS, or a permanent loading screen.
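A way to automate the kind of check done in the comment above, as an added example that is not part of this issue thread or of IntelMQ's own code. It classifies each feed URL with a label similar to the ones used in the list (`404`, `redirect`, `no DNS`, `timeout`, `offline`, `outdated`, `ok`), refuses to follow redirects so that a feed that silently moved is reported rather than treated as alive, and flags feeds whose `Last-Modified` header is older than a year. The `constructed_fetcher` and the `*.example.test` URLs are constructed sample input so the script runs offline; the real `default_fetcher` uses only the standard library.

```python
"""Classify threat-intel feed URLs as alive, dead, redirected or stale.

Added example, not IntelMQ project code. Standard library only.
"""
import socket
import urllib.error
import urllib.request
from datetime import datetime, timedelta, timezone
from email.utils import parsedate_to_datetime
from typing import Callable, Dict, Iterable, Mapping, Tuple

# A fetcher returns (http_status, response_headers) or raises an exception.
Fetcher = Callable[[str], Tuple[int, Mapping[str, str]]]


class _NoRedirect(urllib.request.HTTPRedirectHandler):
    """Return None so urllib raises HTTPError for 30x instead of following it."""

    def redirect_request(self, req, fp, code, msg, headers, newurl):
        return None


def default_fetcher(url: str, timeout: float = 10.0) -> Tuple[int, Mapping[str, str]]:
    """Fetch the URL without following redirects; body is never read."""
    opener = urllib.request.build_opener(_NoRedirect)
    req = urllib.request.Request(url, headers={"User-Agent": "feed-check/0.1"})
    with opener.open(req, timeout=timeout) as resp:
        return resp.status, resp.headers


def classify_error(exc: BaseException) -> str:
    """Map a fetch exception to a status label like the ones in the feed list."""
    if isinstance(exc, urllib.error.HTTPError):        # server answered
        if 300 <= exc.code < 400:
            return "redirect"
        return str(exc.code)                           # "404", "418", "503", ...
    if isinstance(exc, urllib.error.URLError):         # no usable server answer
        if isinstance(exc.reason, socket.gaierror):
            return "no DNS"
        if isinstance(exc.reason, (socket.timeout, TimeoutError)):
            return "timeout"
        return "offline"
    if isinstance(exc, (socket.timeout, TimeoutError)):
        return "timeout"
    return "offline"


def check_feed(url: str, fetcher: Fetcher = default_fetcher,
               max_age_days: int = 365) -> str:
    """Return a status label for one feed URL."""
    try:
        status, headers = fetcher(url)
    except Exception as exc:  # any transport or HTTP failure
        return classify_error(exc)
    if not 200 <= status < 300:
        return str(status)
    last_mod = headers.get("Last-Modified")
    if last_mod:
        try:
            modified = parsedate_to_datetime(last_mod)
        except (TypeError, ValueError):
            return "ok"                                # unparsable header: ignore
        if modified.tzinfo is None:
            modified = modified.replace(tzinfo=timezone.utc)
        if datetime.now(timezone.utc) - modified > timedelta(days=max_age_days):
            return "outdated (last updated %s)" % modified.date().isoformat()
    return "ok"


def check_feeds(urls: Iterable[str], fetcher: Fetcher = default_fetcher) -> Dict[str, str]:
    """Check every URL and return {url: status_label}."""
    return {url: check_feed(url, fetcher) for url in urls}


# Constructed sample fetcher: simulates the failure modes seen in the thread
# so the script can be run offline. Hypothetical hostnames, not real feeds.
def constructed_fetcher(url: str) -> Tuple[int, Mapping[str, str]]:
    if url.endswith("/gone"):
        raise urllib.error.HTTPError(url, 404, "Not Found", {}, None)
    if url.endswith("/moved"):
        raise urllib.error.HTTPError(url, 301, "Moved Permanently", {}, None)
    if url.endswith("/nodns"):
        raise urllib.error.URLError(socket.gaierror(-2, "Name or service not known"))
    if url.endswith("/slow"):
        raise urllib.error.URLError(socket.timeout("timed out"))
    if url.endswith("/old"):
        return 200, {"Last-Modified": "Sun, 06 Sep 2009 10:00:00 GMT"}
    return 200, {}


SAMPLE_URLS = [
    "http://feeds.example.test/gone",
    "http://feeds.example.test/moved",
    "http://feeds.example.test/nodns",
    "http://feeds.example.test/slow",
    "http://feeds.example.test/old",
    "http://feeds.example.test/live",
]

if __name__ == "__main__":
    for url, status in check_feeds(SAMPLE_URLS, fetcher=constructed_fetcher).items():
        print("%-40s %s" % (url, status))
```

Against real feeds, call `check_feeds(urls)` with the default fetcher; an `ok` result only means the server answered with a 2xx and a recent `Last-Modified`, so an empty or placeholder page (like the "perm loading screen" above) still needs a human look at the content.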
@kruisdraad Thanks for checking them. I marked them as offline in the above list.
List of feeds: https://threatfeeds.io/
bitcash is terminated https://bitcash.cz/misc/log/blacklist
shodan search API
Added:
Arbor FastFlux is no more...
Shouldn't we place this in a wiki page or in a file, so we get a consolidated list and the ability of more people to edit it? :)
Thanks, updated the list
I don't really like the idea of keeping it in a file, as the list is independent of the rest and doesn't need versioning etc. It's also much easier to comment here instead of creating pull requests.
For the wiki: I'm in favor of it, but the wiki here has been deactivated a few years ago. @aaronkaplan what do you think about it?
A file could be the best available solution to get
And it is related to the IntelMQ code base, because it shows the current state of wished-for additional feeds. ;)
If you want to contribute by creating some bots to collect more information, pick one of these feeds:

| Name | URL | Status |
| --- | --- | --- |
| 1d4 | https://1d4.us/archive/ | offline |
| Abuse.ch (RSS) | https://palevotracker.abuse.ch/blocklists.php | discontinued |
| Abuse.ch (RSS) | https://spyeyetracker.abuse.ch/blocklist.php | discontinued |
| Abusix | http://abusix.org/service/spamfeeds | offline |
| Affairedhonneur | http://qwe.affairedhonneur.us/depqfie59y | offline |
| Animus Project | https://github.com/animus-project/threat_data | offline |
| Arbor FastFlux | http://atlas.arbor.net/summary/fastflux | discontinued |
| Bit Cash | http://bitcash.cz/misc/log/blacklist | redirects |
| Blade-Defender | http://www.blade-defender.org/eval-lab/ | offline |
| Brawg | http://www.brawg.com/ | unreachable |
| CERT.org | http://www.cert.org/downloads/mxlist.ips.txt | 404 |
| Geo SPY | http://www.geopsy.org/blacklist.html | 404 |
| H3X | http://atrack.h3x.eu/ | offline |
| Infiltrated | http://www.infiltrated.net/blacklisted | offline |
| Infiltrated | http://www.infiltrated.net/vabl.txt | offline |
| Infiltrated | http://www.infiltrated.net/voipabuse/netblocks.txt | offline |
| Infiltrated | http://www.infiltrated.net/webattackers.txt | offline |
| Jeek | http://jsunpack.jeek.org/dec/go?list=1 | host unreachable |
| Kids Clinic JP | http://www.kids-clinic.jp/uni/ipaddress/new_log | no data, last updated 2012-01 |
| Kolatzek | http://robert.kolatzek.org/possible_botnet_ips.txt | error 404 |
| Malekal | http://www3.malekal.com/exploit.txt | server not found |
| Malekal | http://www3.malekal.com/malwares/ | server not found |
| Malware BlackList | http://www.malwareblacklist.com/mbl.xml | server not found |
| Malware BlackList | http://www.malwareblacklist.com/showMDL.php | server not found |
| Malware.br | http://www.malware.com.br/cgi/submit?action=list | discontinued -> malwarepatrol |
| Malwared | http://malwared.ru/db/fulllist.php | offline |
| MalwareDomains | http://mirror2.malwaredomains.com/files/dynamic_dns.txt | 404 |
| Martin Cyber | http://intel.martincyber.com/ip/ | server not found |
| Minotaur Analysis | http://minotauranalysis.com/malwarelist.aspx | 404 |
| Minotaur Analysis | http://minotauranalysis.com/malwarelist-urls.aspx | 404 |
| Nothink | http://www.nothink.org/blacklist/blacklist_malware | outdated |
| Nothink | http://www.nothink.org/blacklist/blacklist_malware_dns.txt | outdated |
| Nothink | http://www.nothink.org/blacklist/blacklist_malware_http.txt | outdated |
| Nothink | http://www.nothink.org/blacklist/blacklist_malware_irc.txt | outdated |
| Nothink | http://www.nothink.org/blacklist/blacklist_snmp_2015.txt | outdated |
| Nothink | http://www.nothink.org/blacklist/blacklist_ssh | 404 |
| PacketMail | https://www.packetmail.net/iprep_perimeterbad.txt | 404 |
| PHP Black | http://poste.it-postepay4.phpblack.com/ | server not found |
| Prometheus Group | http://downloads.prometheus-group.com/delayed/rules/modsec/domain-blacklist.txt | broken redirect/offline |
| Proxylists | http://proxylists.me | broken redirect/offline |
| ProxySpy | http://txt.proxyspy.net/proxy.txt | 418 |
| Snort | http://labs.snort.org/iplists/ | 404 |
| Spys RU | http://spys.ru/proxies/ | 503 |
| t-Arend | http://www.t-arend.de/linux/badguys.txt | last updated 2009-09-06 |
| Trailswest | http://aveconomic.trailswest.org:15106/haddan_files/stories.php | server not found |
| TrustedSec | https://www.trustedsec.com/banlist.txt | redirect |
| Vir BL | https://virbl.bit.nl/download/virbl.dnsbl.bit.nl.bind | offline |
| Yoyo | http://pgl.yoyo.org/adservers/serverlist.php?hostformat=nohtml | these are ad servers |