ThreatIntelFeeds.csv
Vendor;Description;Category;Url
Abuse.ch;The host file below contains the following datasets observed in the past 6 months: Payload delivery domains and Botnet C2 domains;DNS;https://threatfox.abuse.ch/downloads/hostfile/
Abuse.ch;Botnet C2 IP Blacklist;IP;https://sslbl.abuse.ch/blacklist/sslipblacklist.csv
Abuse.ch;Botnet C2 IP Blacklist;IP;https://sslbl.abuse.ch/blacklist/sslipblacklist.txt
Abuse.ch;Botnet C2 IP Blacklist aggressive;IP;https://sslbl.abuse.ch/blacklist/sslipblacklist_aggressive.csv
Abuse.ch;Botnet C2 IP Blacklist aggressive;IP;https://sslbl.abuse.ch/blacklist/sslipblacklist_aggressive.txt
Blocklist.de;All IP addresses that have attacked one of our customers/servers in the last 48 hours.;IP;https://lists.blocklist.de/lists/all.txt
Blocklist.de;All IP addresses which have been reported within the last 48 hours as having run attacks on the service SSH;IP;https://lists.blocklist.de/lists/ssh.txt
Blocklist.de;All IP addresses which have been reported within the last 48 hours as having run attacks on the service Mail, Postfix.;IP;https://lists.blocklist.de/lists/mail.txt
Blocklist.de;All IP addresses which have been reported within the last 48 hours as having run attacks on the service Apache, Apache-DDOS, RFI-Attacks.;IP;https://lists.blocklist.de/lists/apache.txt
Blocklist.de;All IP addresses which have been reported within the last 48 hours for attacks on the Service imap, sasl, pop3;IP;https://lists.blocklist.de/lists/imap.txt
Blocklist.de;All IP addresses which have been reported within the last 48 hours as having run attacks on the RFI-Attacks, REG-Bots, IRC-Bots or BadBots (BadBots = he has posted a Spam-Comment on an open Forum or Wiki).;IP;https://lists.blocklist.de/lists/bots.txt
Blocklist.de;All IPs which attack Joomla, WordPress and other web logins with brute-force logins.;IP;https://lists.blocklist.de/lists/bruteforcelogin.txt
Blocklist.de;All IPs which are older than 2 months and have more than 5.000 attacks.;IP;https://lists.blocklist.de/lists/strongips.txt
Abuse.ch;Botnet C2 Indicators Of Compromise;IP;https://feodotracker.abuse.ch/downloads/ipblocklist.txt
Abuse.ch;all botnet C2s Feodo Tracker has ever seen;IP;https://feodotracker.abuse.ch/blocklist/
Abuse.ch;MD5 hashes: Recent additions;MD5;https://bazaar.abuse.ch/export/txt/md5/recent/
Abuse.ch;Recent found malicious files on C2;MD5;https://threatfox.abuse.ch/export/csv/md5/recent/
Abuse.ch;SHA1 hashes: Recent additions;SHA1;https://bazaar.abuse.ch/export/txt/sha1/recent/
Abuse.ch;SHA256 hashes: Recent additions;SHA256;https://bazaar.abuse.ch/export/txt/sha256/recent/
Abuse.ch;Recent found malicious files on C2;SHA256;https://threatfox.abuse.ch/export/csv/sha256/recent/
Abuse.ch;SSL Certificate Blacklist;SSL;https://sslbl.abuse.ch/blacklist/sslblacklist.csv
Abuse.ch;Recent Payload delivery domains and Botnet C2 domains;URL;https://threatfox.abuse.ch/export/csv/urls/recent/
AlienVault;AlienVault IP Reputation;IP;http://reputation.alienvault.com/reputation.data
Cisco Talos;Talos IP Blacklist;IP;http://www.talosintelligence.com/documents/ip-blacklist
Github;APT Notes;SHA1;https://raw.githubusercontent.com/aptnotes/data/master/APTnotes.csv
Github;APT Notes;URL;https://raw.githubusercontent.com/aptnotes/data/master/APTnotes.csv
Binarydefense;Binary Defense Systems Artillery Threat Intelligence Feed and Banlist Feed;IP;https://www.binarydefense.com/banlist.txt
Github;Fox-IT Cobalt Strike Servers;IP;https://raw.githubusercontent.com/fox-it/cobaltstrike-extraneous-space/master/cobaltstrike-servers.csv
CISA;KNOWN EXPLOITED VULNERABILITIES CATALOG (CSV);CVEID;https://www.cisa.gov/sites/default/files/csv/known_exploited_vulnerabilities.csv
MISP Feed CERT-FR;MISP Feed CERT-FR;MD5;https://misp.cert.ssi.gouv.fr/feed-misp/hashes.csv
Carbon Black;Cobalt Strike Lucky Mouse;IP;https://github.com/carbonblack/active_c2_ioc_public/blob/main/cobaltstrike/actor-specific/cobaltstrike_luckymouse_ta428.csv
Carbon Black;Cobalt Strike Pyxie;IP;https://github.com/carbonblack/active_c2_ioc_public/blob/main/cobaltstrike/actor-specific/cobaltstrike_pyxie.csv
Carbon Black;ShadowPad IOC;IP;https://github.com/carbonblack/active_c2_ioc_public/blob/main/shadowpad/shadowpad_202209.tsv
mrlooquer;Mr. Looquer IOC Feed;IP;https://iocfeed.mrlooquer.com/feed.csv
mrlooquer;Mr. Looquer IOC Feed;DNS;https://iocfeed.mrlooquer.com/feed.csv
Ipsum;Malicious and/or suspicious IP addresses;IP;https://raw.githubusercontent.com/stamparm/ipsum/master/levels/1.txt
Ipsum;Malicious and/or suspicious IP addresses;IP;https://raw.githubusercontent.com/stamparm/ipsum/master/levels/2.txt
Ipsum;Malicious and/or suspicious IP addresses;IP;https://raw.githubusercontent.com/stamparm/ipsum/master/levels/3.txt
Ipsum;Malicious and/or suspicious IP addresses;IP;https://raw.githubusercontent.com/stamparm/ipsum/master/levels/4.txt
Ipsum;Malicious and/or suspicious IP addresses;IP;https://raw.githubusercontent.com/stamparm/ipsum/master/levels/5.txt
Ipsum;Malicious and/or suspicious IP addresses;IP;https://raw.githubusercontent.com/stamparm/ipsum/master/levels/6.txt
Ipsum;Malicious and/or suspicious IP addresses;IP;https://raw.githubusercontent.com/stamparm/ipsum/master/levels/7.txt
Ipsum;Malicious and/or suspicious IP addresses;IP;https://raw.githubusercontent.com/stamparm/ipsum/master/levels/8.txt
eCrimeLabs;Vulnerabilities with Metasploit exploit available;CVEID;https://feeds.ecrimelabs.net/data/metasploit-cve
drb-ra;IPC2s-30day;IP;https://github.com/drb-ra/C2IntelFeeds/blob/master/feeds/IPC2s-30day.csv
drb-ra;domainC2swithURLwithIP-30day-filter-abused;URL;https://github.com/drb-ra/C2IntelFeeds/blob/master/feeds/domainC2swithURLwithIP-30day-filter-abused.csv
drb-ra;domainC2swithURLwithIP-30day-filter-abused;IP;https://github.com/drb-ra/C2IntelFeeds/blob/master/feeds/domainC2swithURLwithIP-30day-filter-abused.csv
drb-ra;domainC2s;URL;https://github.com/drb-ra/C2IntelFeeds/blob/master/feeds/domainC2s.csv
montysecurity;Ratel C2;IP;https://github.com/montysecurity/C2-Tracker/blob/main/data/Brute%20Ratel%20C4%20IPs.txt
montysecurity;Cobalt Strike;IP;https://github.com/montysecurity/C2-Tracker/blob/main/data/Brute%20Ratel%20C4%20IPs.txt
montysecurity;Sliver C2;IP;https://github.com/montysecurity/C2-Tracker/blob/main/data/Sliver%20C2%20IPs.txt
montysecurity;Posh C2;IP;https://github.com/montysecurity/C2-Tracker/blob/main/data/Posh%20C2%20IPs.txt
montysecurity;MetaSploit C2;IP;https://github.com/montysecurity/C2-Tracker/blob/main/data/Metasploit%20Framework%20C2%20IPs.txt
montysecurity;Havoc C2;IP;https://github.com/montysecurity/C2-Tracker/blob/main/data/Havoc%20C2%20IPs.txt
SNORT;IP Blocklist;IP;https://snort.org/downloads/ip-block-list
Abuse.ch;Recent Malware URLs;URL;https://urlhaus.abuse.ch/downloads/csv_recent/
CyberCure;Bad Hash Feed;MD5;https://api.cybercure.ai/feed/get_hash?type=csv
Phishing Army;The Blocklist to filter Phishing;URL;https://phishing.army/download/phishing_army_blocklist.txt
Phishing Army;The Blocklist to filter Phishing. This is the extended version also contains domains without subdomains.;URL;https://phishing.army/download/phishing_army_blocklist_extended.txt
tweetfeed.live;TweetFeed collects Indicators of Compromise (IOCs) shared by the infosec community at Twitter. (Today);URL;https://raw.githubusercontent.com/0xDanielLopez/TweetFeed/master/today.csv
tweetfeed.live;TweetFeed collects Indicators of Compromise (IOCs) shared by the infosec community at Twitter. (Today);DNS;https://raw.githubusercontent.com/0xDanielLopez/TweetFeed/master/today.csv
tweetfeed.live;TweetFeed collects Indicators of Compromise (IOCs) shared by the infosec community at Twitter. (Today);IP;https://raw.githubusercontent.com/0xDanielLopez/TweetFeed/master/today.csv
tweetfeed.live;TweetFeed collects Indicators of Compromise (IOCs) shared by the infosec community at Twitter. (Today);SHA256;https://raw.githubusercontent.com/0xDanielLopez/TweetFeed/master/today.csv
tweetfeed.live;TweetFeed collects Indicators of Compromise (IOCs) shared by the infosec community at Twitter. (Today);MD5;https://raw.githubusercontent.com/0xDanielLopez/TweetFeed/master/today.csv
tweetfeed.live;TweetFeed collects Indicators of Compromise (IOCs) shared by the infosec community at Twitter. (Week);URL;https://raw.githubusercontent.com/0xDanielLopez/TweetFeed/master/week.csv
tweetfeed.live;TweetFeed collects Indicators of Compromise (IOCs) shared by the infosec community at Twitter. (Week);DNS;https://raw.githubusercontent.com/0xDanielLopez/TweetFeed/master/week.csv
tweetfeed.live;TweetFeed collects Indicators of Compromise (IOCs) shared by the infosec community at Twitter. (Week);IP;https://raw.githubusercontent.com/0xDanielLopez/TweetFeed/master/week.csv
tweetfeed.live;TweetFeed collects Indicators of Compromise (IOCs) shared by the infosec community at Twitter. (Week);SHA256;https://raw.githubusercontent.com/0xDanielLopez/TweetFeed/master/week.csv
tweetfeed.live;TweetFeed collects Indicators of Compromise (IOCs) shared by the infosec community at Twitter. (Week);MD5;https://raw.githubusercontent.com/0xDanielLopez/TweetFeed/master/week.csv
tweetfeed.live;TweetFeed collects Indicators of Compromise (IOCs) shared by the infosec community at Twitter. (Month);URL;https://raw.githubusercontent.com/0xDanielLopez/TweetFeed/master/month.csv
tweetfeed.live;TweetFeed collects Indicators of Compromise (IOCs) shared by the infosec community at Twitter. (Month);DNS;https://raw.githubusercontent.com/0xDanielLopez/TweetFeed/master/month.csv
tweetfeed.live;TweetFeed collects Indicators of Compromise (IOCs) shared by the infosec community at Twitter. (Month);IP;https://raw.githubusercontent.com/0xDanielLopez/TweetFeed/master/month.csv
tweetfeed.live;TweetFeed collects Indicators of Compromise (IOCs) shared by the infosec community at Twitter. (Month);SHA256;https://raw.githubusercontent.com/0xDanielLopez/TweetFeed/master/month.csv
tweetfeed.live;TweetFeed collects Indicators of Compromise (IOCs) shared by the infosec community at Twitter. (Month);MD5;https://raw.githubusercontent.com/0xDanielLopez/TweetFeed/master/month.csv
tweetfeed.live;TweetFeed collects Indicators of Compromise (IOCs) shared by the infosec community at Twitter. (Year);URL;https://raw.githubusercontent.com/0xDanielLopez/TweetFeed/master/year.csv
tweetfeed.live;TweetFeed collects Indicators of Compromise (IOCs) shared by the infosec community at Twitter. (Year);DNS;https://raw.githubusercontent.com/0xDanielLopez/TweetFeed/master/year.csv
tweetfeed.live;TweetFeed collects Indicators of Compromise (IOCs) shared by the infosec community at Twitter. (Year);IP;https://raw.githubusercontent.com/0xDanielLopez/TweetFeed/master/year.csv
tweetfeed.live;TweetFeed collects Indicators of Compromise (IOCs) shared by the infosec community at Twitter. (Year);SHA256;https://raw.githubusercontent.com/0xDanielLopez/TweetFeed/master/year.csv
tweetfeed.live;TweetFeed collects Indicators of Compromise (IOCs) shared by the infosec community at Twitter. (Year);MD5;https://raw.githubusercontent.com/0xDanielLopez/TweetFeed/master/year.csv
Proofpoint;Compromised IP addresses List;IP;https://rules.emergingthreats.net/blockrules/compromised-ips.txt
OpenPhish;Phishing URLs;URL;https://openphish.com/feed.txt
Botvrij.eu;Blacklist Domain;DNS;https://www.botvrij.eu/data/blocklist/blocklist_domain.csv
Botvrij.eu;IOC List MD5;MD5;https://www.botvrij.eu/data/ioclist.md5
Botvrij.eu;IOC List SHA1;SHA1;https://www.botvrij.eu/data/ioclist.md5
Botvrij.eu;IOC List SHA256;SHA256;https://www.botvrij.eu/data/ioclist.sha256
Botvrij.eu;OSINT MD5 Hashes;MD5;https://www.botvrij.eu/data/feed-osint/hashes.csv
PhishTank;Phishing URLs;URL;http://data.phishtank.com/data/online-valid.json
Cert.PL;Recent Phishing Domains;URL;https://hole.cert.pl/domains/domains.csv
AlienVault;IP Reputation Generic;IP;https://reputation.alienvault.com/reputation.generic
GreenSnow;IP Blocklist;IP;https://blocklist.greensnow.co/greensnow.txt
CINSscore;Bad IP list;IP;https://cinsscore.com/list/ci-badguys.txt
CyberCure;Blocked URL Feed;URL;https://api.cybercure.ai/feed/get_url?type=csv
CyberCure;Blocked IP Feed;IP;https://api.cybercure.ai/feed/get_ips?type=csv
FireHOL;level1;IP;https://raw.githubusercontent.com/ktsaou/blocklist-ipsets/master/firehol_level1.netset
Miray;IP Blocklist;IP;https://mirai.security.gives/data/ip_list.txt
ThreatMon;The Daily C2 Feed is a community contribution provided by ThreatMon Cyber Threat Intelligence under the name TM Threat Intelligence, which provides users with command-and-control (C2) servers that malware uses to exfiltrate data from the computer infected with the malware, limited for everyone's safety. Note that the file changes every day.;URL;https://github.com/ThreatMon/ThreatMon-Daily-C2-Feeds
NIST;National Vulnerability Database;CVEID;https://services.nvd.nist.gov/rest/json/cves/2.0
Ellio;Firewall Threat List;IP;https://cdn.ellio.tech/community-feed
NetCraft;Cybercrime on Top Level Domains;DNS;https://trends.netcraft.com/cybercrime/tlds
montysecurity;BurpSuite IPs;IP;https://raw.githubusercontent.com/montysecurity/C2-Tracker/main/data/BurpSuite%20IPs.txt
montysecurity;Deimos IPs;IP;https://raw.githubusercontent.com/montysecurity/C2-Tracker/main/data/Deimos%20C2%20IPs.txt
montysecurity;GoPhish IPs;IP;https://raw.githubusercontent.com/montysecurity/C2-Tracker/main/data/GoPhish%20IPs.txt
montysecurity;Gotham Stealer IPs;IP;https://raw.githubusercontent.com/montysecurity/C2-Tracker/main/data/Gotham%20Stealer%20IPs.txt
montysecurity;Hashcat Cracking Tool IPs;IP;https://raw.githubusercontent.com/montysecurity/C2-Tracker/main/data/Hachcat%20Cracking%20Tool%20IPs.txt
montysecurity;MetaSploit Framework C2 IPs;IP;https://raw.githubusercontent.com/montysecurity/C2-Tracker/main/data/Metasploit%20Framework%20C2%20IPs.txt
montysecurity;Mythic C2 IPs;IP;https://raw.githubusercontent.com/montysecurity/C2-Tracker/main/data/Mythic%20C2%20IPs.txt
montysecurity;NimPlant C2 IPs;IP;https://raw.githubusercontent.com/montysecurity/C2-Tracker/main/data/NimPlant%20C2%20IPs.txt
montysecurity;Panda C2 IPs;IP;https://raw.githubusercontent.com/montysecurity/C2-Tracker/main/data/PANDA%20C2%20IPs.txt
montysecurity;Posh C2 IPs;IP;https://raw.githubusercontent.com/montysecurity/C2-Tracker/main/data/Posh%20C2%20IPs.txt
montysecurity;PowerSploit IPs;IP;https://raw.githubusercontent.com/montysecurity/C2-Tracker/main/data/PowerSploit%20IPs.txt
montysecurity;XMRig Monero CryptoMiner IPs;IP;https://raw.githubusercontent.com/montysecurity/C2-Tracker/main/data/XMRig%20Monero%20Cryptominer%20IPs.txt
montysecurity;All Malicious IPs;IP;https://raw.githubusercontent.com/montysecurity/C2-Tracker/main/data/all.txt
urlabuse;URL ABUSE BLACKLIST FEED BY URLABUSE.COM;URL;https://urlabuse.com/public/data/data.txt
urlabuse;Malware Domain Feed APK;URL;https://urlabuse.com/public/data/malware_url.txt
urlabuse;Phishing URL feed;URL;https://urlabuse.com/public/data/phishing_url.txt
urlabuse;Hacked URL feed;URL;https://urlabuse.com/public/data/hacked_url.txt
urlabuse;Malware Domain Feed APK;URL;https://urlabuse.com/public/data/malware_url.txt
tsirolnik;Spam Domains;DNS;https://raw.githubusercontent.com/tsirolnik/spam-domains-list/master/spamdomains.txt
drb-ra;Unverified C2 IPs;IP;https://github.com/drb-ra/C2IntelFeeds/blob/master/feeds/unverified/IPC2s.csv
DigitalSide Threat-Intel;DigitalSide Threat-Intel URLs last 7 days;URL;https://osint.digitalside.it/Threat-Intel/lists/latesturls.txt
DigitalSide Threat-Intel;DigitalSide Threat-Intel IPs last 7 days;IP;https://osint.digitalside.it/Threat-Intel/lists/latesturls.txt
DigitalSide Threat-Intel;DigitalSide Threat-Intel DNS last 7 days;DNS;https://osint.digitalside.it/Threat-Intel/lists/latestdomains.txt
virtualfabric;Domains (pihole, diversion, pfblockerng, personalblocklist, personaldnsfilter) via CDN;DNS;https://nocdn.nrd-list.com/0/nrd-list-32-days.txt
virtualfabric;Domains (pihole, diversion, pfblockerng, personalblocklist, personaldnsfilter) direct;DNS;https://nocdn.threat-list.com/0/domains.txt
virtualfabric;Adblock Plus Filter List (adguard, adguardhome, ublockorigin, adblockplus, adnauseum, adblock, opera, vivaldi);DNS;https://nocdn.threat-list.com/1/domains.txt
CISA;KNOWN EXPLOITED VULNERABILITIES CATALOG (JSON);CVEID;https://www.cisa.gov/sites/default/files/feeds/known_exploited_vulnerabilities.json
threatview.io;OSINT Threat Feed Malicious indicators of compromise gathered from OSINT Source - Twitter and Pastebin;IP;https://threatview.io/Downloads/Experimental-IOC-Tweets.txt
threatview.io;C2 Hunt Feed Infrastructure hosting Command & Control Servers found during Proactive Hunt by Threatview.io;IP;https://threatview.io/Downloads/High-Confidence-CobaltStrike-C2%20-Feeds.txt
threatview.io;C2 Hunt Feed Infrastructure hosting Command & Control Servers found during Proactive Hunt by Threatview.io;DNS;https://threatview.io/Downloads/High-Confidence-CobaltStrike-C2%20-Feeds.txt
threatview.io;IP Blocklist Malicious IP Blocklist for known Bad IP addresses;IP;https://threatview.io/Downloads/IP-High-Confidence-Feed.txt
threatview.io;All IP addresses which have been reported within the last 48 hours as having run attacks on the service FTP.;IP;https://lists.blocklist.de/lists/ftp.txt
threatview.io;Domain Blocklist Malicious Domains identified for phishing/ serving malware/ command and control;DNS;https://threatview.io/Downloads/DOMAIN-High-Confidence-Feed.txt
threatview.io;MD5 Hash Blocklist: MD5 hashes of malicious files or associated with - malware, ransomware, hack tools, bots etc.;MD5;https://threatview.io/Downloads/MD5-HASH-ALL.txt
threatview.io;URL Blocklist Malicious URLs serving malware, phishing, botnets and C2;URL;https://threatview.io/Downloads/URL-High-Confidence-Feed.txt
threatview.io;SHA File Hash Blocklist SHA hashes of files known or linked with malware execution;SHA1;https://threatview.io/Downloads/SHA-HASH-FEED.txt
ransomware.live;Returns all victims mentioned on ransomware leaked sites;RANSOMWARELEAK;https://api.ransomware.live/allcyberattacks
Abuse.ch;JA3 Fingerprints;JA3;https://sslbl.abuse.ch/blacklist/ja3_fingerprints.csv
cydave;List of observed SSH authentication attempts, last 24 hours;IP;https://blocklists.0dave.ch/ssh.txt
X4BNet;VPN IPs;IP;https://github.com/X4BNet/lists_vpn/blob/main/output/vpn/ipv4.txt
mthcht;Suspicious Named Pipes;NamePipe;https://github.com/mthcht/awesome-lists/blob/main/Lists/suspicious_named_pipe_list.csv
mthcht;Nord VPN IP List;IP;https://github.com/mthcht/awesome-lists/blob/main/Lists/VPN/NordVPN/nordvpn_ips_list.csv
mthcht;Proton VPN IP List;IP;https://github.com/mthcht/awesome-lists/blob/main/Lists/VPN/ProtonVPN/protonvpn_ip_list.csv
Daniel Austin MBCS;TOR Exit Nodes;IP;https://www.dan.me.uk/torlist/?exit
Daniel Austin MBCS;TOR All Nodes;IP;https://www.dan.me.uk/torlist/?full