csirtgadgets / massive-octo-spice

DEPRECATED - USE v3 (bearded-avenger)
https://github.com/csirtgadgets/bearded-avenger-deploymentkit/wiki
GNU Lesser General Public License v3.0

ransomware feed #394

Closed wesyoung closed 8 years ago

wesyoung commented 8 years ago

http://ransomwaretracker.abuse.ch/feeds/csv/

andurin commented 8 years ago

Like this? /etc/cif/rules/default/ransomwaretracker.yml

```yaml
# Values applied to every feed below unless a feed overrides them
defaults:
  provider: ransomwaretracker.abuse.ch
  tlp: green
  altid_tlp: white
  confidence: 75
  altid: https://ransomwaretracker.abuse.ch/host/<observable>
  tags:
    - ransomwaretracker
    - ransomware
    - botnet

feeds:
  url:
    remote: http://ransomwaretracker.abuse.ch/downloads/RW_URLBL.txt
    # Skip comment lines; capture a single whitespace-free token per line
    pattern: ^(?!#)(\S+)$
    values:
      - observable

  domains:
    remote: http://ransomwaretracker.abuse.ch/downloads/RW_DOMBL.txt
    pattern: ^(?!#)(\S+)$
    values:
      - observable

  ips:
    remote: http://ransomwaretracker.abuse.ch/downloads/RW_IPBL.txt
    pattern: ^(?!#)(\S+)$
    values:
      - observable
    # Lower confidence for the IP feed than the default of 75
    confidence: 65
```
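A way to sanity-check the rule above before deploying it, as an added example that is not part of the thread and not CIF's own parser. It assumes feed-level keys override `defaults` and that `<observable>` in `altid` is replaced with the matched value (with the altid host spelled like the feed host); `parse_feed` and the sample feed text are constructed for illustration.

```python
import re

# Rule values taken from the YAML above; the merge/substitution logic is an assumption.
DEFAULTS = {
    "provider": "ransomwaretracker.abuse.ch",
    "tlp": "green",
    "confidence": 75,
    "altid": "https://ransomwaretracker.abuse.ch/host/<observable>",
    "tags": ["ransomwaretracker", "ransomware", "botnet"],
}
FEEDS = {
    "url": {"pattern": r"^(?!#)(\S+)$", "values": ["observable"]},
    "domains": {"pattern": r"^(?!#)(\S+)$", "values": ["observable"]},
    "ips": {"pattern": r"^(?!#)(\S+)$", "values": ["observable"], "confidence": 65},
}

# Constructed sample feed text (documentation addresses, not real feed data).
SAMPLE_IPS = """\
# Ransomware Tracker IP blocklist (constructed sample)
#
192.0.2.10

198.51.100.7
203.0.113.5 trailing-field
"""

def parse_feed(name, text):
    """Return (indicators, skipped_lines) for one feed of the rule."""
    feed = FEEDS[name]
    pattern = re.compile(feed["pattern"])
    # Assumed semantics: feed-level keys override the defaults.
    overrides = {k: v for k, v in feed.items() if k not in ("pattern", "values")}
    meta = {**DEFAULTS, **overrides}
    indicators, skipped = [], []
    for line in text.splitlines():
        m = pattern.match(line)
        if not m:  # comment, blank line, or a line with embedded whitespace
            skipped.append(line)
            continue
        record = dict(meta, **dict(zip(feed["values"], m.groups())))
        record["altid"] = meta["altid"].replace("<observable>", record["observable"])
        indicators.append(record)
    return indicators, skipped

if __name__ == "__main__":
    found, skipped = parse_feed("ips", SAMPLE_IPS)
    for r in found:
        print(r["observable"], r["confidence"], r["altid"])
    print("skipped:", skipped)
```

Lines with more than one whitespace-separated field are dropped silently by this pattern, so a change in the upstream feed layout shows up as a growing skipped list rather than as an error.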