Test

test

Count Description
1 Rapid7 is a tool which reduces risk across your entire connected environment by creating sites and assets and scanning them in that connected environment.
1 This integration is for fetching information about assets in Axonius.
1 Google Safe Browsing checks URLs against Google-generated lists of unsafe web resources.
1 Windows OS directory service that facilitates working with interconnected, complex and different network resources.
1 Gh0st RAT is a longstanding remote access trojan (RAT) that has been actively used in cyber espionage campaigns since its public release in 2008. It allows attackers to remotely control infected Windows systems, enabling activities such as keystroke logging, screen capturing, file transfers, and activating webcams and microphones.
1 Dan Pollock is renowned in the cybersecurity community for maintaining the Someone Who Cares hosts file, a widely respected resource aimed at enhancing online privacy and security. This hosts file effectively blocks access to numerous unwanted domains, including those associated with advertising, tracking, and malicious activities.
1 Oyster is a backdoor malware known for establishing unauthorized remote access to compromised systems, often utilizing Command and Control (C2) servers for communication. To detect and mitigate threats associated with Oyster, integrating specialized threat intelligence feeds into your security infrastructure is essential.
1 Freshservice is a cloud-based IT Service Management solution that was designed using ITIL best practices.
1 Villain is an advanced Command and Control (C2) framework designed for penetration testing and red teaming assessments. It enables the management of multiple TCP socket and HoaxShell-based reverse shells, enhancing their functionality with additional features and facilitating collaboration among different instances running on separate machines.
1 The Cybersecurity and Infrastructure Security Agency (CISA) offers several services to facilitate the sharing of cyber threat intelligence, aiding organizations in enhancing their cybersecurity posture.
1 ThreatMiner is a threat intelligence tool to find additional information on indicators of compromise (IOC) such as domain names, IP addresses and file hash values.
1 ZeroDot1 is recognized for curating threat intelligence feeds that focus on identifying and blocking domains and IP addresses associated with unauthorized cryptocurrency mining activities, commonly referred to as cryptojacking. These feeds are instrumental in enhancing cybersecurity measures by preventing malicious entities from exploiting system resources for illicit mining operations.
1 ShadowPad is a sophisticated modular backdoor malware that has been active since 2015. Initially discovered in a supply chain attack against NetSarang software in 2017, it has since been used by various Chinese threat groups for cyber espionage. Its modular design allows attackers to deploy additional malicious payloads, facilitating a wide range of cyberattacks.
1 Binary Defense is a cybersecurity company specializing in services such as Managed Detection and Response (MDR), Threat Hunting, Digital Risk Protection, and Enhanced Response Services. They offer a free threat intelligence feed known as the Binary Defense Systems Artillery Threat Intelligence Feed, which provides a list of known malicious IP addresses.
1 Supershell is a backdoor malware developed in the Go programming language, capable of compromising multiple platforms, including Windows, Linux, and Android. Its primary function is to establish a reverse shell, granting unauthorized remote control over infected systems. Recent incidents have highlighted its distribution targeting inadequately managed Linux SSH servers.
1 A Google Cloud Platform management service for managing GCP virtual machines.
1 DarkComet is a Remote Access Trojan (RAT) that has been utilized by cybercriminals to gain unauthorized access to victims' systems, enabling activities such as data theft and system manipulation. To monitor and defend against threats like DarkComet, organizations can leverage various threat intelligence feeds and tools: 1. Malware Information Sharing Platform (MISP) 2. AlienVault Open Threat Exchange 3. Abuse.ch 4. VirusTotal Intelligence
1 sdefrgt
1 Rapid7 InsightIDR is a cloud-based SIEM that detects and responds to security incidents.
1 These are streams of data that provide up-to-date information on potential or active cyber threats. They help security systems identify and block malicious activity. This could include lists of malicious domains and URLs used in phishing attacks, IP addresses associated with phishing infrastructure, and information on phishing campaigns targeting specific regions or groups.
1 This application provides MySQL integration for executing queries.
1 Jira Software
1 URLScan is a service to scan and analyse websites.
1 Brute Ratel C4 (BRc4) is an advanced red-teaming and adversarial attack simulation tool designed to emulate threat actor behaviors for security assessments. Developed to bypass modern security solutions, including Endpoint Detection and Response (EDR) systems and antivirus software, BRc4 has unfortunately been appropriated by malicious actors to conduct real-world attacks.
1 This feed offers verified IOCs related to NanoCore RAT, including malicious IP addresses, domains, and URLs. This feed empowers Security Operations Center (SOC) teams to swiftly identify and block threats associated with this malware. It provides curated packages of IOCs selected based on specific criteria, ready to support decision-making processes. While not exclusively focused on NanoCore RAT, Maltiverse's feeds encompass various malware threats, including RATs, and can be instrumental in identifying and mitigating related activities.
1 Elasticsearch is a distributed, open source search and analytics engine for all types of data, including textual, numerical, geospatial, structured, and unstructured.
1 FortiSIEM is a security information and event management (SIEM) solution that offers real-time monitoring, threat detection, and response across network and security devices.
1 werfg
1 CrowdStrike Next-Gen SIEM is the platform to protect endpoints with ease: stop breaches and improve performance with the power of the cloud, artificial intelligence (AI) and an intelligent, lightweight agent.
1 Havoc is an open-source Command and Control (C2) framework developed by C5pider, utilized by both security professionals for legitimate penetration testing and by threat actors for malicious activities. Its modular design and advanced evasion techniques make it a notable tool in the cybersecurity landscape.
1 Jira Identity and Access Management
1 GreenSnow is a threat intelligence platform specializing in the detection and analysis of malicious domains and URLs, particularly those associated with phishing and other cyber threats. It provides real-time data and insights into newly registered and potentially harmful domains, enabling cybersecurity professionals to identify and mitigate risks before exploitation.
1 To fetch the destination IP IDs.
1 The NoTrack Malware Blocklist is a curated list of domains associated with malware, designed to enhance network security by preventing access to malicious sites. Maintained by the NoTrack project, this blocklist is part of a broader initiative to protect users from various online threats.
1 The Mobile Security Framework (MobSF) is an automated, all-in-one platform designed for mobile application penetration testing, malware analysis, and security assessment across Android, iOS, and Windows platforms. It offers both static and dynamic analysis capabilities, enabling comprehensive evaluation of mobile applications.
1 Provides data enrichment for domains.
1 ThreatView.io is a Cyber Threat Intelligence project that provides actionable threat feeds to assist security professionals in identifying and mitigating malicious activities. These feeds are curated from high-quality datasets and sources, ensuring relevance and accuracy.
1 Cobalt Strike is a popular red-teaming and adversary simulation tool that threat actors frequently misuse for post-exploitation activities. The Command and Control (C2) servers used in malicious operations are tracked in various threat intelligence feeds to help organizations detect and mitigate attacks.
1 GitHub is a code hosting platform for version control and collaboration. It lets you and others work together on projects from anywhere.
7 For testing purposes
1 Azure Security Center is a unified infrastructure security management system that strengthens the security posture of your data centers.
1 Pipl is a search engine to find information related to a user.
1 Symphony SummitAI is an ITIL-compliant service management solution that leverages the latest advances in AI-powered digital agents and service automation. Here we concentrate mainly on Incident Management.
1 Project Honey Pot is a web-based honeypot network operated by Unspam Technologies, Inc. It collects information about IP addresses used for harvesting email addresses, sending spam, and other forms of email fraud.
1 Google Chronicle is a SIEM tool.
2 Cisco Umbrella is cloud-delivered enterprise network security software that provides users with a first line of defense against cyber security threats.
1 IP-based virtual hosting is a method to apply different directives based on the IP address and port a request is received on.
1 The National Cyber Security Centre (NCSC) offers several resources to enhance your organization's cybersecurity posture: 1. RSS Feeds 2. Threat Intelligence Guidance 3. Arctic NCSC Feed 4. Malware Free Networks (MFN). By leveraging these resources, your organization can stay informed about emerging threats and enhance its ability to respond effectively to cybersecurity challenges.
1 Google Drive is a free cloud-based storage service that enables users to store and access files online.
1 The ph00lt0 Blocklist is a comprehensive collection of domains aimed at enhancing privacy and security by blocking various unwanted categories, including advertising, tracking tools, data brokers, malware, phishing sites, and scams. Maintained by the developer ph00lt0, this blocklist is designed for users who prioritize stringent privacy measures.
1 Shodan is a search engine that lets the user find specific types of computers connected to the internet using a variety of filters.
1 You can use Amazon CloudWatch Logs to monitor, store, and access your log files from Amazon Elastic Compute Cloud (Amazon EC2) instances, AWS CloudTrail, Route 53, and other sources.
1 Amazon Simple Storage Service (Amazon S3)
1 Securonix increases your security through improved visibility, actionability, and security posture, while reducing management and analyst burden.
1 Emerging Threats, now a part of Proofpoint, offers comprehensive threat intelligence feeds designed to enhance organizational cybersecurity defenses. These feeds provide timely and accurate information on malicious activities, aiding in the prevention of attacks and reduction of risks.
1 Manage F5 Firewall.
1 Use the Zoom integration to manage your Zoom users and meetings.
1 SysAid is a ticketing tool.
1 phishing.army. Phishing Army, the Blocklist to filter Phishing domains! Compatible with Pi-Hole, AdAway, Blokada and any other Host/DNS filtering system.
1 Microsoft Outlook is the preferred email client used to send and receive emails by accessing Microsoft Exchange Server email. Outlook also provides contact, email, calendar and task management features.
1 The Ares Remote Access Tool (RAT) is a Python-based malware comprising two primary components: 1. Command and Control (C2) Server 2. Agent Program. This tool has been utilized in various cyber campaigns, notably by threat groups such as APT SideCopy, which has targeted Indian government and defense entities.
1 DNS sinkholing is a cybersecurity technique that redirects malicious or unwanted domain name system (DNS) requests to a designated IP address, effectively preventing connections to harmful sites. This method is instrumental in disrupting malware communications, particularly those involving botnets and command-and-control (C2) servers.
1 XMRig is an open-source cryptocurrency mining software designed for mining Monero (XMR). While it serves legitimate purposes, XMRig is frequently misused by malicious actors to exploit compromised systems for unauthorized cryptomining, a practice known as cryptojacking. This unauthorized use can lead to degraded system performance, increased energy consumption, and potential legal ramifications for organizations.
1 Elasticsearch SIEM Tool.
1 Amazon Elastic Compute Cloud (Amazon EC2)
1 BruteForceBlocker is a Perl script that works along with pf, the firewall developed by the OpenBSD team (which is also available on FreeBSD since version 5.2). Its main purpose is to block SSH brute-force attacks via the firewall.
1 The Cloudlock API provides a detailed view of applications, entities, and network incidents. You can programmatically manage lists of destinations (IP addresses), and integrate the Cloudlock detection and response information into your security workflows.
1 Confluence is a team workspace where knowledge and collaboration meet. Dynamic pages give your team a place to create, capture, and collaborate on any project or idea.
2 AWS Identity and Access Management (IAM) provides fine-grained access control across all of AWS. With IAM, you can specify who can access which services and resources.
1 Azure Firewall is a cloud-native and intelligent network firewall security service that provides the best of breed threat protection for your cloud workloads running in Azure.
1 Viper C2 is a command and control (C2) framework used by red teams and threat actors for post-exploitation, persistence, and lateral movement within compromised environments. It is often used in adversary simulation.
1 A calendar is a container for events. You can create or schedule an event, get a specific event by searching its name, and also list all events.
1 AWS Certificate Manager is a service that lets you easily provision, manage, and deploy public and private Secure Sockets Layer/Transport Layer Security (SSL/TLS) certificates for use with AWS services and your internal connected resources.
1 Zscaler is a cloud security solution built for performance and flexible scalability. This integration enables you to manage URL and IP address allow lists and block lists in a Zscaler session.
1 Through Slack IAM you can easily manage all users existing in your account.
1 Confluence is a team workspace where knowledge and collaboration meet.
1 AlienVault manages cyber attacks, including the Open Threat Exchange, the world's largest crowd-sourced computer-security platform.
2 Network security management platform that provides situational awareness and compliance support.
6 blocklist.de is a free and voluntary service provided by a Fraud/Abuse specialist, whose servers are often attacked via SSH, Mail-Login, FTP, Webserver and other services.
1 Brute force attacks are used to obtain pairs of user names and passwords illegally by using all existing pairs to log in to network services. These are a major security threat faced by network service administrators.
1 Integrate with AWS's services to execute CRUD operations for employee lifecycle processes.
1 NoCoin-AH threat feeds focus on detecting and mitigating cryptojacking and unauthorized cryptocurrency mining activities. These feeds help security solutions identify malicious domains, IPs, hashes, and behaviors associated with cryptojacking campaigns.
1 KADhosts is a curated hosts file designed to block advertisements, tracking sites, and other unwanted content by mapping known ad-serving and malicious domains to a non-routable IP address (typically 0.0.0.0). This approach prevents your system from connecting to these domains, thereby enhancing privacy and security during web browsing.
2 Microsoft Teams is the hub for teamwork in Microsoft 365. The Teams service enables instant messaging, audio and video calling, rich online meetings, mobile experiences, and extensive web conferencing capabilities.
1 Microsoft Shift is a schedule management tool that helps you create, update, and manage schedules for your team.
1 Living Off the Land Binaries and Scripts (LOLBAS) are legitimate system utilities that threat actors exploit for malicious purposes, making detection challenging. To enhance your organization's security posture, integrating LOLBAS threat feeds into your security infrastructure is essential.
1 MineMeld streamlines the aggregation, enforcement and sharing of threat intelligence.
1 Cisco Identity Services Engine (ISE) is a next-generation identity and access control policy platform that enables enterprises to enforce compliance, enhance infrastructure security, and streamline their service operations.
1 This feed, available through the MISP (Malware Information Sharing Platform) project, provides a list of IP addresses associated with malicious activities targeting VNC services. Integrating this feed into your security infrastructure can help in identifying and blocking potential threats.
1 Palo Alto Networks' Unit 42 offers a range of threat intelligence resources to help organizations enhance their cybersecurity posture: 1. Unit 42 Threat Intelligence Portal 2. Unit 42 TAXII Feed Portal 3. GitHub Repository for Timely Threat Intelligence 4. Cortex XSOAR Integration
1 Managing a Fortinet firewall involves configuring and fine-tuning security policies to control inbound and outbound traffic based on specific rules.
1 IPsum is a threat intelligence feed that aggregates data from over 30 publicly available lists of suspicious and malicious IP addresses. By collecting and parsing these sources daily, IPsum compiles a comprehensive list of IP addresses, each accompanied by a blacklist hit score indicating the number of lists on which the IP appears. A higher score suggests a greater likelihood of malicious activity, thereby reducing the chance of false positives when blocking or monitoring these IPs.
1 Analyse suspicious files, domains, IPs and URLs to detect malware and other breaches, and automatically share them with the security community.
1 Symantec Content Analysis delivers effective tools for malware analysis to ensure that only truly unknown content is brokered to sandboxes so Incident Response teams focus on real threats, not false alarms.
1 ELLIO is a cybersecurity company specializing in threat intelligence, particularly focusing on mass exploitation and reconnaissance threats. They offer dynamic IP threat feeds designed to enhance organizational security by providing real-time data on malicious activities.
1 Blocklist.de is a voluntary service that aggregates reports of malicious activities, including SSH attacks, from users worldwide. By collecting data on these attacks, Blocklist.de provides threat intelligence feeds that organizations can use to enhance their security measures.
1 DNIF Hypercloud is a cloud-native solution integrating SIEM for efficient large-scale data management, alert reduction via cognitive ML, and seamless security integration.
1 Command and Control (C2) servers are critical components in cyber-attacks, enabling threat actors to maintain communication with compromised systems. To defend against such threats, organizations can utilize threat intelligence feeds that provide up-to-date information on known C2 infrastructures.
1 VX Vault is a well-known repository that aggregates and shares information on malicious URLs, IP addresses, and malware samples. Security professionals and researchers utilize VX Vault's threat feed to enhance their cybersecurity measures by identifying and mitigating potential threats.
1 Microsoft Graph Files connects with files across OneDrive, OneDrive for Business, and SharePoint document libraries.
1 Cyble offers comprehensive DFIR services to help businesses manage, mitigate, and recover from cyber incidents.
1 Office 365 is a cloud-based service designed to meet organizations' needs for robust security, reliability, and user productivity.
1 This is a free service to check whether emails or domains have been compromised in recent breaches.
1 These are data streams that provide up-to-date information about potential cyber threats. In this context, they contain lists of IP addresses and other indicators of compromise (IOCs) associated with Patriot Stealer. These feeds are used to detect and block malicious network traffic, identify infected systems, and enhance overall cybersecurity defenses.
1 GitHub IAM is used for handling user accounts and retrieving other GitHub information where it exists.
1 CERT Polska (CERT-PL), operating within the NASK Research Institute, serves as the Computer Emergency Response Team for Poland. They provide various cybersecurity services, including threat intelligence feeds, to enhance the security posture of organizations and individuals.
1 Cymon.io is an open tracker of malware, phishing, botnets, spam, and more.
1 MITRE Caldera is an open-source cybersecurity platform developed to simulate adversarial tactics, techniques, and procedures (TTPs). Built upon the MITRE ATT&CK framework, Caldera enables security professionals to assess and enhance their organization's defenses by emulating real-world cyber threats.
1 Targeted threat intelligence feeds provide organizations with specialized information on cyber threats that are specifically relevant to their industry, geographic location, or technological infrastructure. These feeds enable security teams to focus on threats that pose the most significant risks to their operations, allowing for more efficient and effective threat detection and mitigation.
1 Remcos RAT (Remote Control and Surveillance Software) is a remote access trojan that has been active since 2016. Initially marketed as a legitimate tool for remote system management, it has been widely adopted by malicious actors for unauthorized access, data exfiltration, and system control.
1 UnamWebPanel is an open-source web-based management interface designed to monitor and control mining operations associated with tools like SilentCryptoMiner. Developed by UnamSanctam, it offers functionalities such as real-time statistics, miner status tracking, and IP blocking to prevent unauthorized access.
1 234
1 Slack is a messaging app for teams.
1 OpenPhish is a fully automated self-contained platform for phishing intelligence. It identifies phishing sites and performs intelligence analysis in real time without human intervention and without using any external resources, such as blacklists.
1 The CINS Score is a threat intelligence metric developed by Sentinel IPS, designed to assess the trustworthiness of IP addresses based on observed malicious activities. By leveraging data from a global network of Sentinel devices and reputable InfoSec sources, each IP address is assigned a score that reflects its potential threat level.
1 Gmail is a free Web-based e-mail service that provides users with a gigabyte of storage for messages and provides the ability to search for specific messages.
1 Akamai offers comprehensive threat intelligence services designed to enhance organizational cybersecurity. Their Security Research division provides advanced insights to identify and protect against emerging cyber threats.
1 PhishTank is an anti-phishing site.
1 SpiceRAT is a Remote Access Trojan (RAT) attributed to the threat actor group SneakyChef, known for targeting government agencies across Europe, the Middle East, Africa, and Asia. Delivered primarily through phishing emails containing malicious attachments, SpiceRAT enables unauthorized access, persistence, and data exfiltration from compromised systems.
1 ZeroAccess, also known as Sirefef, is a sophisticated Trojan horse that primarily targets Microsoft Windows operating systems. It is notorious for creating a botnet utilized for activities such as click fraud and cryptocurrency mining. Employing rootkit techniques, ZeroAccess conceals its presence, making detection and removal challenging.
1 BluSapphire's Intelligent Cyber Defense Platform does the heavy lifting for you by detecting threats early and responding using automation methods, reducing your operational costs and improving your efficacy.
1 Spamhaus Extended DROP List (EDROP). EDROP is an extension of the DROP list that includes suballocated netblocks controlled by spammers or cyber criminals. EDROP is meant to be used in addition to the direct allocations on the DROP list.
1 URLhaus is a project operated by abuse.ch with the purpose of sharing malicious URLs that are being used for malware distribution.
1 BitRAT is a remote access trojan (RAT) that has been actively used by cybercriminals since its emergence in early 2021. It offers a range of malicious capabilities, including data theft, keylogging, webcam and microphone activation, cryptocurrency mining, and distributed denial-of-service (DDoS) attacks.
1 MD5 hashes are widely utilized in threat intelligence to identify and track malicious files. Integrating threat feeds that provide MD5 hash indicators of compromise (IoCs) can significantly enhance an organization's ability to detect and respond to security threats.
2 sdf
1 The Browser Exploitation Framework (BeEF) is an open-source penetration testing tool that focuses on identifying and exploiting vulnerabilities within web browsers. By targeting the browser, BeEF allows security professionals to assess the security posture of a target environment using client-side attack vectors.
1 OSINT.DigitalSide.IT is a personal project with the sole purpose of sharing valuable security information.
1 APP
1 Azure Active Directory (Azure AD) is Microsoft's cloud-based identity and access management service.
1 A bot IP blocklist blocks illegitimate or malicious IP addresses from accessing your website or app. Some bot traffic is welcome, like search engine spiders that crawl your website content and index your pages or keep track of your unique monthly visitors, page views, and demographics.
1 DeimosC2 is an open-source, cross-platform command and control (C2) framework written in Go, designed for managing compromised systems during post-exploitation phases. It operates seamlessly across platforms like Windows, macOS, and Linux, offering versatility for both legitimate security testing and potential malicious use.
1 POP3 Gropers refers to malicious entities that exploit the Post Office Protocol version 3 (POP3) to gain unauthorized access to email accounts. These attackers often employ techniques such as brute-force attacks to compromise user credentials, posing significant security risks.
1 Everest Infraon is a service management tool designed to help businesses, especially SMEs, manage their IT infrastructure, assets, and operations.
1 Secure requests to the management service can be authenticated by creating an Azure AD application and using the Active Directory Authentication.
1 Central management console that manages Trend Micro products and services at the gateway, mail server, file server, and corporate.
1 MISP is a threat intelligence platform for gathering, sharing, storing and correlating Indicators of Compromise of targeted attacks and threat intelligence.
2
1 The SSL Blacklist (SSLBL) is a project of abuse.ch with the goal of detecting malicious SSL connections, by identifying and blacklisting SSL certificates used by botnet C&C servers.
1 Patch Manager Plus makes it easy to perform various patching activities from a single console.
1 Dimitris Koutsouvelis, known as ktsaou on GitHub, is the creator of the FireHOL project, which includes a comprehensive collection of IP blocklists known as blocklist-ipsets. These dynamically updated ipsets are designed to enhance network security by providing curated lists of IP addresses associated with malicious activities.
1 Hashcat is the world's fastest and most advanced password recovery tool. It focuses on security feeds from Microsoft that track threats such as credential stuffing, brute-force attacks, and password leaks.
1 Amazon Simple Queue Service (SQS) is a fully managed message queuing service that enables you to decouple and scale microservices, distributed systems, and serverless applications.
1 PassiveTotal is a threat research platform created for analysts, by analysts.
1 This is a free malware analysis service for the community that detects and analyzes unknown threats using a unique Hybrid Analysis technology.
1 Wazuh is an enterprise-ready security monitoring solution for threat detection, integrity monitoring, incident response and compliance.
1 This application provides PostgreSQL integration for executing queries.
1 ArcSight provides big data security analytics and intelligence software for security information and event management and log management solutions.
1 FortiWeb is Fortinet's Web Application Firewall (WAF), guarding against OWASP vulnerabilities and web threats. It filters traffic, detects anomalies, and ensures strong protection for web applications.
1 IBM X-Force Exchange is a cloud-based threat intelligence platform that allows you to consume, share and act on threat intelligence.
1 ADEO Cyber Security offers a range of cybersecurity services, including Managed Detection and Response (MDR) and Cyber Incident Response, which incorporate threat intelligence to enhance organizational security.
1 This application fetches all the feeds from the given url.
1 Google Translate is a multilingual neural machine translation service
developed by Google to translate text, documents and websites from
one language into another.
1 Granicus, a leading provider of cloud-based solutions for government
organizations, emphasizes the integration of threat intelligence to
enhance cybersecurity measures. They actively consume and
operationalize commercial threat intelligence feeds within their
security infrastructure. This approach enables Granicus to incorporate
specific indicators of compromise (IOCs) into their Endpoint Detection
and Response (EDR) tools, facilitating the swift identification and
mitigation of potential threats.
1 (Deprecated) Managing a Fortinet firewall involves configuring and
fine-tuning security policies to control inbound and outbound traffic
based on specific rules.
1 This is a free malware repository providing researchers access to
samples, malicious feeds, and yara results.
1 Sblam! is a web service that blocks spammy posts in blog comments,
forums and guestbooks (blocks bots posting adverts for viagra, porn,
credit, casinos, etc.). It detects spam server-side and doesn't bother
users with any puzzles to retype.
1 AWS GuardDuty an intelligent threat detection service
1 Akamai WAF provides protection against a wide range of web
application attacks, including SQL injection, cross-site scripting
(XSS), remote code execution (RCE), and denial-of-service (DoS)
attacks. Akamai WAF also includes rules to protect against known
and emerging vulnerabilities.
1 GoPhish is an open-source phishing framework designed to facilitate
the simulation of phishing attacks for security testing and training
purposes. While GoPhish itself is a legitimate tool used by
organizations to assess their vulnerability to phishing, it's important to
recognize that threat actors can misuse such tools to conduct
malicious campaigns.
1 Managing a Fortigate IPS involves configuring and fine-tuning
security policies to control inbound and outbound traffic based on
specific rules.
1 Cisco WSA is an all-in-one highly secure web gateway that brings
you strong protection, complete control, and investment value. It also
offers an array of competitive web security deployment options, each
of which includes Cisco's market-leading global threat intelligence
infrastructure.
1 NetBus is a remote administration tool that was initially developed for
legitimate remote access purposes but was later widely abused as a
Trojan horse for unauthorized system access. It allows attackers to:
1. Remotely control infected machines 2. Keystroke logging 3. File
manipulation (upload/download)
1 A data plane in the context of threat intelligence and cybersecurity
is responsible for handling and processing network traffic in real time.
When dealing with threat feeds, the data plane plays a crucial role in
ingesting, analyzing, and enforcing security policies based on the
intelligence received.
1 Sekoia.io is a cybersecurity threat intelligence platform that provides
real-time threat feeds to help organizations detect and mitigate cyber
threats. It offers high-fidelity, curated threat intelligence based on
global data sources and in-depth analysis.
1 test
1 Zendesk is a simple email-based ticketing system for tracking,
prioritizing, and solving customer support tickets.
1 The 7777 botnet, also known as Quad7, is a botnet primarily
composed of compromised SOHO routers and other network devices.
It is named after its use of TCP port 7777, which attackers exploit for
malicious activities.
1 AWS WAF is a web application firewall that helps protect your web
applications or APIs against common web exploits and bots that may
affect availability, compromise security, or consume excessive
resources.
1 The Metasploit Framework is a widely used open-source platform for
developing, testing, and executing exploits against target systems.
While it serves as a valuable tool for penetration testers and security
professionals, it's important to note that Metasploit can also be
misused by malicious actors to establish Command and Control (C2)
channels within compromised networks.
1 Feodo Tracker is a project of abuse.ch with the goal of sharing botnet
C&C servers associated with the Feodo malware family (Dridex,
Emotet/Heodo). It offers various blocklists, helping network owners to
protect their users from Dridex and Emotet/Heodo.
1 SOC Prime's Threat Detection Marketplace (TDM) is a
comprehensive platform that provides access to a vast repository of
threat detection content and threat intelligence feeds
(MY.SOCPRIME.COM). It offers a global feed of security news, tailored
threat intelligence, and over 11,000 Sigma rules covering various
tactics, techniques, and procedures (TTPs). The platform supports
integration with 28 different SIEM, EDR, XDR, and data lake
solutions, facilitating seamless deployment of detection content
across diverse security infrastructures.
1 Bitbucket Server is a Git repository management solution designed
for professional teams. It's part of the Atlassian product family along
with Jira, Confluence, and many more tools designed to help teams
unleash their full potential.
1 Graylog is an open-source log management platform that collects,
stores, and analyzes log data for monitoring and troubleshooting
applications and systems.
1 Sophos offers a range of threat intelligence feeds designed to
enhance cybersecurity measures by providing real-time data on
malicious activities. These feeds can be integrated into various
security systems to proactively detect and block threats.
1 A Hardware Security Module (HSM) safeguards and manages digital
keys and performs encryption and decryption functions for digital
signatures, strong authentication and other cryptographic functions.
1 Splunk produces software for searching, monitoring, and analyzing
machine-generated big data, via a Web-style interface.
1 Sophos endpoint security stops ransomware, phishing, and advanced
malware attacks in their tracks. Sophos combines the industry's
leading malware detection and exploit protection with extended
detection and response (XDR) to secure your entire ecosystem.
1 MalSilo is a threat intelligence platform that aggregates and shares
real-time indicators of compromise (IoCs) related to malware,
phishing, and other cyber threats. It offers curated feeds that security
teams can integrate into their systems for proactive defense.
1 Haltdos Anti-DDoS solution v7 introduces a new IP Feed feature,
where users can create a resource containing blacklisted and
whitelisted source IP prefixes in bulk. The same resource can be
attached to a geo-filtering policy to enforce the selected action.
1 The Spamhaus DROP (Don't Route Or Peer) lists are advisory
drop-all-traffic lists, consisting of netblocks that are hijacked or leased
by professional spam or cyber-crime operations (used for
dissemination of malware, trojan downloaders, botnet controllers).
1 F5 BIG-IP Advanced Firewall Manager (AFM) is a high-performance,
full-proxy network security solution designed to protect networks and
data centers against incoming threats that enter the network on the
most widely deployed protocols.
1 For Reputation IP Feeds, here are some trusted sources that provide
real-time threat intelligence on malicious IPs used in cyber attacks,
spam, malware distribution, and other malicious activities.
1 Covenant is an open-source command and control (C2) framework
primarily used for legitimate security assessments, such as red
teaming and penetration testing. While it serves as a valuable tool for
cybersecurity professionals, there is a potential risk of misuse by
malicious actors.
1 Myip.ms is a platform that provides detailed information about IP
addresses, including geolocation, hosting details, and associated
domains. While it offers various services, its primary focus is on IP
intelligence rather than dedicated threat feeds.
1 Hak5 Cloud C2 is a self-hosted command and control platform
designed to facilitate the deployment and management of Hak5
devices, such as the WiFi Pineapple and LAN Turtle, from a
centralized cloud interface. While primarily intended for legitimate
penetration testing and IT security operations, it's crucial to recognize
that, like many powerful tools, Cloud C² can be misused by malicious
actors for unauthorized activities.
1 SAML 2.0 Single Sign-On
1 Use the Cisco Firepower integration for unified management of
firewalls, application control, intrusion prevention, URL filtering, and
advanced malware protection.
1 AWS Route 53 is a highly available and scalable Domain Name
System (DNS) web service.
1 ServiceNow's services to execute CRUD operations for employee
lifecycle processes.
1 Hacked_Malware is a threat intelligence feed that aggregates data on
compromised websites distributing malware. This feed is part of the
FireHOL IP Lists project, which compiles various sources of malicious
activity to assist cybersecurity professionals in identifying and
mitigating threats.
2 qwer
1 The Qualys vulnerability scanner is an advanced cybersecurity tool
used to identify and quantify software security vulnerabilities.
1 These are streams of data that provide up-to-date information about
malicious domains. They typically include lists of URLs and IP
addresses associated with phishing activity. These feeds are used by
security systems to block access to known phishing sites.
2 Pupy RAT is an open-source, cross-platform remote administration
tool (RAT) written in Python. It supports multiple operating systems,
including Windows, Linux, macOS, and Android. Originally designed
for legitimate purposes such as system administration and security
testing, Pupy RAT has been misused by malicious actors for
unauthorized access, data exfiltration, and other nefarious activities.
1 Miroslav Stampar, known by the handle stamparm, is a prominent
figure in the cybersecurity community, recognized for developing
several open-source threat intelligence tools and feeds. Notable
among his contributions are: 1. IPsum: Daily Malicious IP Feed 2.
Maltrail: Malicious Traffic Detection System
1 Google Docs is an online word processor that lets you create and edit
documents.
1 Azure Sentinel
1 ANY.RUN is a cloud-based sandbox with interactive access.
1 AdAway is an open-source ad blocker for Android devices that utilizes
host files to block advertisements system-wide. By redirecting ad-
serving domains to a non-existent IP address, AdAway effectively
prevents ads from loading across apps and websites.
1 XtremeRAT is a Remote Access Trojan (RAT) that has been used by
cybercriminals and APT groups to gain unauthorized access to
infected systems. It allows attackers to perform activities such as
keystroke logging, remote desktop control, file manipulation, and
command execution.
1 Deep Security provides advanced server security for physical, virtual,
and cloud servers.
1 ARCON | Privileged Access Management (PAM) is a comprehensive
solution that manages, monitors and controls the security of an
increasing number of privileged accounts in modern enterprises.
1 Accessing Remote Text Files Through SSH
1 Threat intelligence service that provides actionable, contextual data
about today's IT threats to organizations.
1 This app supports investigative actions to collect log and packet
captures from RSA NetWitness Logs and Packets.
1 The Malshare Project provides a public malware repository and threat
intelligence feeds to help researchers analyze and track malicious
activity.
1 Jira Service Management is a ticketing tool.
1 This app integrates threat intelligence from Recorded Future.
1 Okta Identity Provider
1 Cisco® Webex Teams is an easy-to-use collaboration solution that
keeps people and teamwork connected anytime, anywhere.
1 Firebug is a discontinued free and open-source web browser
extension for Mozilla Firefox that facilitated the live debugging,
editing, and monitoring of any website's CSS, HTML, DOM, XHR, and
JavaScript.
1 Pulse Secure provides secure, authenticated access for remote users
from any web-enabled device to corporate resources—anytime,
anywhere.
1 VenomRAT is a sophisticated remote access trojan (RAT) that
enables threat actors to remotely control compromised systems,
facilitating activities such as data theft, credential harvesting, and
unauthorized surveillance. Since its emergence in 2020, VenomRAT
has been implicated in various cyber-attacks, including massive
phishing campaigns targeting sectors like hospitality, finance, and
government across regions such as Latin America, Europe, and the
United States.
1 This tool parses user agents, determines whether they are malicious,
and enriches information about the agent.
1 Google Maps is a Web-based service that provides detailed
information about geographical regions and sites around the world.
1 AsyncRAT is an open-source Remote Access Trojan (RAT) designed
to remotely monitor and control Windows systems through a secure,
encrypted connection. While it was initially developed for legitimate
administrative purposes, its capabilities—such as keylogging, screen
recording, and remote command execution—have been exploited by
malicious actors to conduct unauthorized activities on compromised
systems.
1 With Google Calendar, you can quickly schedule meetings and
events and get reminders about upcoming activities, so you always
know what's next.
1 Cisco Advanced Malware Protection (AMP) for Endpoints is a cloud-
managed endpoint security solution that provides advanced
protection against viruses, malware, and other cyber-threats by
detecting, preventing, and responding to threats.
2 Webhooks are user-defined HTTP callbacks. They are usually
triggered by some event, such as pushing code to a repository or a
comment being posted to a blog. When that event occurs, the source
site makes an HTTP request to the URL configured for the
webhook. Users can configure them to cause events on one site to
invoke behavior on another.
1 ManageEngine ServiceDesk Plus is a service management solution
that combines IT service management, IT asset management, and
CMDB with enterprise service management.
1 PoshC2 is an open-source command and control (C2) framework
extensively utilized by both penetration testers and, unfortunately,
malicious actors for post-exploitation activities. Detecting and
mitigating threats associated with PoshC2 necessitates the
integration of specialized threat intelligence feeds into your security
infrastructure.
1 An adaptable, triple-layer security system that uses industry-standard
mature signature technology with highly optimized machine language
and deep learning-based models on live traffic to detect threats in the
hybrid cloud.
1 OPSWAT MetaDefender is a scanning engine that uses 30+ anti-malware
engines to scan files, IPs and domains for threats, significantly
increasing malware detection.
1 Sophos Firewall is the only network security solution that fully
identifies the source of an infection on your network and automatically
limits the infected device's access to other network resources in
response.
1 Vulnerability scanner for auditors and security analysts by Tenable
Network Security.
1 Neutrino API
1 Burp Suite, developed by PortSwigger, is a comprehensive platform
for web application security testing, widely utilized by security
professionals to identify and exploit vulnerabilities. While Burp Suite
itself does not directly provide threat intelligence feeds, it offers
several integration capabilities and extensions that allow users to
incorporate external threat intelligence into their security
assessments.
1 Seceon SIEM provides a modern cybersecurity strategy with
consolidated data from numerous sources.
1 The Mythic Command and Control (C2) Framework is an open-
source platform designed for red team operations and adversary
emulation. While it serves legitimate purposes for security
professionals, malicious actors can exploit Mythic for unauthorized
activities. To effectively monitor and defend against threats associated
with Mythic C2, organizations can utilize specialized threat
intelligence feeds
1 Azure Key Vault is a cloud service for securely storing and accessing
secrets. API keys, passwords, certificates, and cryptographic keys
are examples of things you might want to keep private. The following
topics in this blog will explain more about Azure’s Key Vault.
1 Get cases from QRadar.
1 Providing Custom, Cost Effective Managed Security Solutions for 20
Years through Information Security Expertise Built on a Foundation of
Customer Trust.
1 Zoho Creator is a versatile low-code platform that allows businesses
to design and deploy custom applications with minimal coding,
empowering them to optimize workflows and boost productivity
effectively.
1 URL abuse threat feeds are essential tools in cybersecurity, providing
real-time information on malicious URLs associated with phishing,
malware distribution, and other cyber threats. Integrating these feeds
into your security infrastructure enhances your organization's ability to
detect and mitigate potential threats.
1 DcRAT (Dark Crystal RAT) is a remote access trojan (RAT) designed
for Windows systems, enabling attackers to take control of
compromised machines. It is known for its modular design, allowing
cybercriminals to execute various malicious activities such as
keylogging, credential theft, and remote command execution.
2 Jira Issue Tracking Provider
1 Palo Alto Networks is leading a new era in cybersecurity by safely
enabling applications and preventing cyber breaches.
1 The OpenAI API can be used for almost any task that involves
understanding or producing natural language or code. We provide a
range of models with varying degrees of power appropriate for
various tasks, as well as the option to fine-tune your own unique
models. Everything from content creation to semantic search and
classification can be done using these models.
1 A bogon is an illegitimate IP address that falls into a set of IP
addresses that have not been officially assigned to an entity by an
internet registration institute, such as the Internet Assigned Number
Authority (IANA).
1 AWS Lambda is an event-driven, serverless computing platform
provided by Amazon as a part of Amazon Web Services.
1 LogRhythm is designed to address an ever-changing landscape of
threats and challenges with a full suite of high-performance tools for
security, compliance and operations. It delivers comprehensive,
useful and actionable insight into what is really going on in and
around an enterprise IT environment.
1 CheckPhish uses deep learning, computer vision and NLP to mimic
how a person would look at, understand, and draw a verdict on a
suspicious website.
1 This application provides MongoDB integration for executing queries.
1 njRAT, also known as Bladabindi, is a remote access trojan (RAT)
that enables unauthorized control over infected systems. First
identified in 2013, njRAT has been utilized in various cyber
campaigns targeting sectors such as government, finance,
manufacturing, energy, and oil and gas, particularly in regions like the
Middle East, North America, and Latin America.
1 HookBot is an advanced Android banking Trojan that has evolved
from the Ermac malware family. Developed by the threat actor known
as DukeEugene, HookBot incorporates remote access capabilities,
enabling unauthorized control over infected devices. It primarily
targets users by impersonating legitimate applications across various
sectors, including banking, social networking, and cryptocurrency.
1 AWS Network Firewall is a stateful, managed, network firewall and
intrusion detection and prevention service for your virtual private
cloud (VPC) that you created in Amazon Virtual Private Cloud
(Amazon VPC).
1 VirusTotal
2 The Cisco IronPort Hosted Email Security solution cleans up all
inbound mail by using industry leading anti-spam, anti-virus, and
other rules. This ensures that the mail traffic that reaches the
customer premises is free from email malware.
1 DNSDB is a database that stores and indexes both the passive DNS
data available via Farsight Security's Security Information Exchange
and authoritative DNS data.
1 Anonymous proxy lists, such as those provided by services like
Multiproxy, offer collections of proxy servers that users can utilize to
conceal their IP addresses and enhance privacy. While these proxies
can serve legitimate purposes, they are also frequently exploited by
malicious actors to obfuscate their identities during cyberattacks.
Consequently, integrating threat intelligence feeds that monitor and
report on such proxies is crucial for bolstering cybersecurity defenses.
4 this is check ip configuration
1 Stellar Cyber's platform contains Next Gen SIEM out-of-the-box as a
native capability. Multiple tools consolidated into a single platform –
NDR, UEBA, Sandbox, TIP and more – significantly simplify
operations and reduce capital costs. Automation helps outpace
threats.
1 A security software suite, which consists of anti-malware, intrusion
prevention and firewall features for server and desktop computers.
1 Harmony Endpoint is a complete endpoint security solution built to
protect the remote workforce from today's complex threat landscape.
1 Service Management Automation X (SMAX) is a service management
solution driven by analytics, that combines four key application areas:
IT Service Management, IT Asset Management, Extended Service
Management, and Cloud Management.
1 This tool checks if a domain is blacklisted by popular and trusted
blacklist services.
1 Checking website traffic and rank is the basis for uncovering
actionable ideas to grow your business.
1 SentinelOne is a security platform that provides threat detection,
hunting, and response features that enable organizations to discover
vulnerabilities and protect IT operations.
1 EDROP is an extension of the DROP list that includes suballocated
netblocks controlled by spammers or cyber criminals. EDROP is
meant to be used in addition to the direct allocations on the DROP
list. The Spamhaus IPv6 DROP List (DROPv6) includes
IPv6 ranges allocated to spammers or cyber criminals.
1 IPinfo helps find out the owner, internet provider and location of any
website, domain or IP address.
1 The SANS Internet Storm Center (ISC) provides various security
intelligence resources, including malware blocklists and threat feeds.
These lists help organizations and security professionals detect and
block malicious domains, IPs, and other indicators of compromise
(IOCs).
1 Integrating threat intelligence feeds specific to the Mirai botnet can
enhance your organization's ability to detect and mitigate associated
threats.
2 Check Point Firewall is part of the Software Blade architecture that
supplies "next-generation" firewall features, including: VPN and
mobile device connectivity.
1 Tor threat feeds provide lists of IP addresses associated with the Tor
network, particularly focusing on Tor exit nodes—the gateways
through which Tor-encrypted traffic exits to access the public internet.
Monitoring these feeds can help organizations identify and manage
traffic originating from the Tor network, which is often used to maintain
anonymity.
1 OpenLDAP is a free, open-source implementation of the Lightweight
Directory Access Protocol (LDAP) developed by the OpenLDAP
Project. It is released under its own BSD-style license called the
OpenLDAP Public License.
1 CVE API
1 Use the Zoom integration to manage your Zoom users and meetings.
1 MX Toolbox lists the MX records for a domain in priority order.
5 VT NC
1 Azure compute service is a management service for managing Azure
virtual machines.
1 BIND stands for Berkeley Internet Name Domain; it allows us to publish
DNS information on the internet and to resolve DNS queries for
users.
1 This tool checks if an IP is blacklisted by popular and trusted blacklist
services.
1 MalwareBazaar is a free platform by Abuse.ch that provides threat
intelligence feeds containing malware samples, hashes (MD5, SHA-1,
SHA-256), and other indicators of compromise (IoCs).
1 ThreatConnect's intelligence-driven security operations solution with
intelligence, automation, analytics, and workflows.
1 NimPlant is a Command and Control (C2) framework developed
using the Nim programming language. While specific threat
intelligence feeds exclusively tracking NimPlant C2 servers may not
be readily available, integrating general C2 threat intelligence feeds
can enhance detection and mitigation efforts against such
frameworks.
1 Phishing Initiative
1 Poseidon is a malware variant known for targeting macOS systems,
primarily distributed through deceptive methods such as SEO
poisoning and malicious advertisements. To effectively monitor and
mitigate threats associated with Poseidon, integrating specialized
Command and Control (C2) threat intelligence feeds into your
security infrastructure is essential.
1 Codesk is a ticketing tool.
1 Google Sheets is an online spreadsheet app that lets you create and
format spreadsheets and work with other people.
1 AbuseIPDB is a project dedicated to helping combat the spread of
hackers, spammers, and abusive activity on the internet.
1 Sliver C2 is an open-source, cross-platform adversary emulation
and red team framework developed by Bishop Fox. It's designed for
security testing across multiple operating systems, including
Windows, macOS, and Linux. Sliver supports command and control
(C2) over various protocols such as Mutual TLS (mTLS), WireGuard,
HTTP(S), and DNS, offering flexibility and security in testing
environments.
1 Cisco Adaptive Security Appliance (ASA) Software is the core
operating system for the Cisco ASA Family. It delivers enterprise-
class firewall capabilities for ASA devices in an array of form factors -
standalone appliances, blades, and virtual appliances - for any
distributed network environment.
1 DShield is a community-based collaborative firewall log correlation
system that aggregates data from volunteers worldwide to analyze
attack trends and enhance internet security. As part of the SANS
Internet Storm Center (ISC), DShield offers various threat feeds that
provide actionable intelligence for cybersecurity professionals.
1 Cisco Talos Intelligence Group is a leading threat intelligence
organization that provides comprehensive, real-time data to enhance
cybersecurity defenses. Their threat intelligence feeds offer
actionable insights into various security threats, including malware,
phishing, and botnets.
1 Secure Cloud Analytics provides the visibility and threat detection
capabilities you need to keep your workloads highly secure in all
major cloud environments like Amazon Web Services (AWS),
Microsoft Azure, and Google Cloud Platform.
1 Sumo Logic Cloud SIEM is a cloud-based security information and
event management (SIEM) tool that helps organizations detect and
respond to threats across their environments.
1 SpyAgent is a sophisticated Android malware designed to extract
sensitive information, particularly targeting cryptocurrency recovery
phrases by analyzing images stored on infected devices. It employs
optical character recognition (OCR) to scan screenshots and images
for mnemonic keys associated with cryptocurrency wallets, posing
significant financial risks to users.
1 GitLab is a code hosting platform for version control and
collaboration. It lets you and others work together on projects from
anywhere.
1 Groups are collections of principals with shared access to resources
in Microsoft services or in your app. Different principals such as
users, other groups, devices, and applications can be part of groups.
1 Collector-stealer is a malware of Russian origin designed to extract
sensitive data from compromised systems. It has been distributed
through various methods, including embedding within unauthorized
software like KMSAuto and via phishing websites that mimic
legitimate cryptocurrency platforms.
1 VShell is a cross-platform remote access trojan (RAT) that enables
unauthorized control over compromised systems. It affects multiple
operating systems, including Windows, Linux, and macOS, and is
typically distributed through phishing campaigns, malicious
downloads, or by exploiting vulnerabilities in outdated software. Once
installed, VShell connects to an attacker's command-and-control (C2)
server, facilitating persistent unauthorized access.
1 AWS CloudTrail is an AWS service that helps you enable
governance, compliance, and operational and risk auditing of your
AWS account. Actions taken by a user, role, or an AWS service are
recorded as events in CloudTrail.
1 This application provides ServiceNow integration for tickets.
1 CrowdStrike Falcon is the platform to protect endpoints with ease:
Stop breaches and improve performance with the power of the cloud,
artificial intelligence (AI) and an intelligent, lightweight agent.
1 AWS DynamoDB is a fully managed NoSQL database service that
provides fast and predictable performance with seamless scalability.
1 FireHOL is an open-source project that provides comprehensive IP
blocklists and firewall tools to enhance network security. Its IP Lists
service aggregates and analyzes publicly available IP feeds, focusing
on identifying sources of attacks and abuse.
1 RedGuard is a command-and-control (C2) traffic redirection tool
designed to enhance the stealth and resilience of C2 infrastructures.
Developed with the intent to aid security professionals in
understanding and mitigating C2 communication flows, RedGuard
has also been utilized by adversaries to obscure malicious activities.
1 SHA1 hash threat feeds are a vital tool in cybersecurity, specifically
for identifying and blocking known malicious files. These feeds
contain lists of SHA1 hashes known to be associated with malicious
files, such as malware, viruses, and other harmful software.
1 Azure Sentinel Threat Feeds refer to external and built-in threat
intelligence sources that Microsoft Sentinel (formerly Azure Sentinel)
ingests to enhance security operations. These feeds help detect,
investigate, and respond to threats by integrating with various Threat
Intelligence Platforms (TIPs) and third-party threat feeds.
1 Proxyscan is a service that provides lists of proxy servers,
including details such as IP addresses, ports, and protocols. While
Proxyscan itself is a legitimate tool, the proxies listed can be used for
both benign and malicious purposes. To enhance your organization's
security posture, it's crucial to monitor and manage traffic associated
with proxy IPs, as they can be leveraged by threat actors to
anonymize malicious activities.
1 Stack IP Information is a real-time IP-to-geolocation service capable of
looking up accurate location data and assessing security threats.
1 SonicWall protects from the perimeter to the endpoint. The integrated
Capture Cloud Platform scales automated real-time breach detection
and prevention across email, wireless, wired, cloud and mobile
networks.
1 Gozi, also known as Ursnif or ISFB, is a notorious banking Trojan
that has been targeting financial institutions globally since its
discovery in 2007. Designed to steal sensitive information such as
banking credentials, passwords, and personal data, Gozi has evolved
over the years, incorporating advanced features like web injection,
keylogging, and remote access capabilities.