Threat Intelligence

Threat Intelligence Feeds

Site: Description
Abuse.ch: Homepage for several threat feeds.
URLhaus (Abuse.ch): URLhaus is a project from abuse.ch with the goal of sharing malicious URLs that are being used for malware distribution.
Feodo Tracker (Abuse.ch): Feodo Tracker is a project of abuse.ch with the goal of sharing botnet C&C servers associated with the Feodo malware family (Dridex, Emotet/Heodo).
Ransomware Tracker (Abuse.ch): Ransomware Tracker tracks and monitors the status of domain names, IP addresses and URLs that are associated with ransomware.
Cryptolaemus Pastedump: Emotet tracking by Twitter users.
Mirai-like Botnet: Database of malicious IP addresses associated with Mirai.
VirusTotal Community: VirusTotal submission feed.
ThreatMiner: Database of malicious IOCs associated with malware.
Bambenek Threat Feed: Database of malicious IP addresses published by Bambenek.
GreyNoise Visualizer: Database of malicious IOCs associated with malware.
Covert.io: List of threat feeds.
ThreatFeeds.io: List of threat feeds.
FireHOL: List of threat feeds.

Frameworks & Platforms

Site: Description
MISP: The Malware Information Sharing Platform (MISP) is an open source software solution for collecting, storing, distributing and sharing cyber security indicators.
Pulsedive: Pulsedive is a free, community threat intelligence platform that consumes open-source feeds, enriches the IOCs, and runs them through a risk-scoring algorithm to improve the quality of the data.
RiskIQ: The PassiveTotal platform is a threat-analysis platform that provides analysts with as much data as possible.
Recorded Future: Contextualized threat intelligence, relevant insights, updated in real time, and integrated with your existing infrastructure.
Yeti: Yeti is a platform meant to organize observables, indicators of compromise, TTPs, and knowledge on threats in a single, unified repository.

Formats

Site: Description
TAXII: Trusted Automated eXchange of Indicator Information (TAXII) is a free and open transport mechanism that standardizes the automated exchange of cyber threat information.
STIX: Structured Threat Information Expression (STIX) is a language and serialization format used to exchange cyber threat intelligence (CTI).

Threat Intelligence Resources

Site: Description
APT & Cyber Criminal Campaign Collection: Extensive collection of (historic) campaigns. Entries come from various sources.
MITRE ATT&CK: MITRE ATT&CK is a globally-accessible knowledge base of adversary tactics and techniques based on real-world observations.
RedCanary Red Team Attacks: All Atomic Red Team tests, organized by ATT&CK tactic and technique.
Threat Hunting Project: Hunting for adversaries in your IT environment.
Building Threat Hunting Strategies with the Diamond Model: Blog post by Sergio Caltagirone on how to develop intelligent threat hunting strategies using the Diamond Model.
NIST 800-150 Guide to Cyber Threat Information Sharing: The guide provides guidelines for coordinated incident handling, including producing and consuming data, participating in information sharing communities, and protecting incident-related data.
Pyramid of Pain: The Pyramid of Pain is a graphical way to express the difficulty of obtaining different levels of indicators and the amount of resources adversaries have to expend once defenders obtain them.
SANS Threat Hunting Reading Room: Collection of talks and resources from SANS.
CWE Top 25: The Common Weakness Enumeration (CWE) Top 25 Most Dangerous Software Errors.
OWASP Top 10: The Open Web Application Security Project maintains a regularly-updated list of the most pressing web application security concerns.