Closed wesyoung closed 8 years ago
Like this? /etc/cif/rules/default/ransomwaretracker.yml
```yaml
provider: ransomwaretracker.abuse.ch
tlp: green
altid_tlp: white
confidence: 75
altid: https://ransomwaretracker.abuse.ch/host/<observable>
tags:
  - ransomwaretracker
  - ransomware
  - botnet
feeds:
  url:
    remote: http://ransomwaretracker.abuse.ch/downloads/RW_URLBL.txt
    # skip lines starting with '#'; capture the whole line as the observable
    pattern: ^(?!#)(\S+)$
    values:
      - observable
  domains:
    remote: http://ransomwaretracker.abuse.ch/downloads/RW_DOMBL.txt
    pattern: ^(?!#)(\S+)$
    values:
      - observable
  ips:
    remote: http://ransomwaretracker.abuse.ch/downloads/RW_IPBL.txt
    pattern: ^(?!#)(\S+)$
    values:
      - observable
    confidence: 65
```
http://ransomwaretracker.abuse.ch/feeds/csv/