Threat Intelligence Tools

Aneesharokkiasamy
3 min read · Nov 23, 2022

Every day is a new opportunity to learn something new and to improve ourselves. Threat intelligence is similar: each day new malware variants and threats spread everywhere, and data gets leaked on the dark web. Security analysts use various tools and software to capture the details of a threat and generate a report that raises awareness of the vulnerability and the threat.

What is Threat Intelligence?

Threat intelligence is evidence-based knowledge: data that is collected, analysed and processed to understand a threat actor's motives for targeting an organization.

I’ve already explained cyber threat intelligence in two parts; kindly go through them. I’ve attached the link to the post.

Let me use this moment to share some threat intelligence tools.

In the digital market there is plenty of software available for each and every purpose. But in threat intelligence, evidence is a must to prove claims about threats and malware. I will share a few platforms that aid in identifying and tracking malware and botnets.

  • Malware Bazaar

As the name hints, this platform contains a collection of malware samples and is a resource for sharing them. Security analysts can upload their malware samples for analysis and build up the intelligence database. It is also useful for threat hunting: alerts can be set up to match various elements such as tags, signatures, YARA rules, ClamAV signatures and vendor detections.

  • Feodo Tracker

This platform is used to track botnet command and control (C2) infrastructure linked with Emotet, Dridex and TrickBot. It provides a database of C2 servers for security analysts, so that they can search for and investigate any suspicious IP addresses.

  • SSL Blacklist

This platform aids in identifying malicious SSL certificates and JA3/JA3S fingerprints. It contains a collection of blocklisted SSL certificates and JA3/JA3S fingerprint lists. Based on the threat hunting ruleset, the analyst can upload their deny list.

  • URL Haus

This platform helps with sharing malicious URLs used by malware distribution sites. We can search the database for domains, URLs, hashes and file types that are suspected to be malicious, and validate our investigations.

  • Threat Fox

This platform supports sharing indicators of compromise (IOCs) associated with malware. We can share, explore, search and export IOCs. IOCs can be exported in various formats such as MISP events, Suricata IDS rulesets, domain host files, DNS Response Policy Zones, JSON files and CSV files.
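As an added example (not code from the original post or from any of the platforms above), the script below shows what an analyst does with an IOC feed once it is exported: it filters a constructed ThreatFox-style JSON export by confidence level, turns the indicators into a Suricata ruleset, a hosts file and a DNS Response Policy Zone, and performs a Feodo Tracker-style lookup of a single IP or domain. The record field names, the sample indicators (RFC 5737 documentation addresses and a `.invalid` domain) and the SID range are assumptions, not the real export schema.

```python
import json

# Constructed sample export (not real indicators). Field names are an assumption that
# loosely follows a ThreatFox-style JSON layout; the platform's real schema may differ.
SAMPLE_EXPORT = json.dumps([
    {"ioc": "203.0.113.10:4443", "ioc_type": "ip:port", "malware": "Emotet", "confidence_level": 100},
    {"ioc": "c2.example.invalid", "ioc_type": "domain", "malware": "TrickBot", "confidence_level": 75},
    {"ioc": "198.51.100.7:443", "ioc_type": "ip:port", "malware": "Dridex", "confidence_level": 30},
])

def load_iocs(raw, min_confidence=50):
    """Parse an export and keep only indicators at or above the confidence threshold."""
    return [r for r in json.loads(raw) if r["confidence_level"] >= min_confidence]

def to_suricata(iocs, base_sid=9000000):
    """One Suricata rule per indicator: C2 ip:port pairs match on traffic, domains on DNS queries."""
    rules = []
    for n, r in enumerate(iocs):
        msg = f'ThreatFox {r["malware"]} C2 {r["ioc"]}'
        if r["ioc_type"] == "ip:port":
            ip, port = r["ioc"].rsplit(":", 1)
            rules.append(f'alert ip $HOME_NET any -> {ip} {port} (msg:"{msg}"; '
                         f'classtype:trojan-activity; sid:{base_sid + n}; rev:1;)')
        elif r["ioc_type"] == "domain":
            rules.append(f'alert dns any any -> any any (msg:"{msg}"; dns.query; '
                         f'content:"{r["ioc"]}"; nocase; sid:{base_sid + n}; rev:1;)')
    return rules

def to_hosts(iocs):
    """Hosts-file sinkhole entries; only domain indicators can be expressed this way."""
    return [f'0.0.0.0 {r["ioc"]}' for r in iocs if r["ioc_type"] == "domain"]

def to_rpz(iocs):
    """Response Policy Zone records: 'CNAME .' returns NXDOMAIN for the name and its subdomains."""
    out = []
    for r in iocs:
        if r["ioc_type"] == "domain":
            out += [f'{r["ioc"]} CNAME .', f'*.{r["ioc"]} CNAME .']
    return out

def lookup(iocs, value):
    """Feodo Tracker-style check: the malware family a bare IP or domain is tied to, or None."""
    for r in iocs:
        key = r["ioc"].rsplit(":", 1)[0] if r["ioc_type"] == "ip:port" else r["ioc"]
        if key == value:
            return r["malware"]
    return None
```

Note that the low-confidence Dridex record is dropped by the default threshold, so a lookup of its address returns None; raise or lower `min_confidence` to match how much noise your detection pipeline tolerates.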

Thanks for reading…


Security Researcher | Blogger | Assistant Professor | Seeking for CTI Job | OSINT|CTI TOOLS|Do support me