11-24-2024, 04:42 AM
1. AlienVault Open Threat Exchange (OTX)
URL: https://otx.alienvault.com/
Features:
A community-powered platform providing Indicators of Compromise (IoCs) such as malicious IPs, domains, and URLs.
Users can create and share their own threat intelligence feeds.
Data Types: IoCs, malware, and exploits.
2. VirusTotal
URL: https://www.virustotal.com/
Features:
Provides file, domain, and URL reputation data by scanning them with multiple antivirus engines.
Offers free public API access for limited queries.
Data Types: Malicious file hashes, IPs, domains, and URLs.
3. AbuseIPDB
URL: https://www.abuseipdb.com/
Features:
Allows searching and reporting of IP addresses involved in malicious activity.
Free API access to check IP reputation.
Data Types: IP reputation, suspicious IP logs.
4. CIRCL OSINT Feeds
URL: https://www.circl.lu/services/feeds/
Features:
Provides open-source threat intelligence feeds including phishing domains, malware hashes, and blacklisted IPs.
Data Types: IPs, domains, file hashes, and URLs.
5. PhishTank
URL: https://www.phishtank.com/
Features:
A repository of phishing websites submitted and verified by the community.
Provides free access to phishing domain feeds.
Data Types: Phishing URLs and domains.
6. MISP Threat Intelligence Platform (Open Source)
URL: https://www.misp-project.org/
Features:
An open-source threat intelligence platform that provides access to various shared IoC feeds.
Includes threat event data, malware samples, and more.
Data Types: IoCs, malware samples, threat actor information.
7. OpenPhish
URL: https://openphish.com/
Features:
A comprehensive feed of phishing domains and URLs updated in real time.
Free access to a basic phishing feed.
Data Types: Phishing domains and URLs.
8. MITRE ATT&CK Framework
URL: https://attack.mitre.org/
Features:
A curated knowledge base of adversary tactics and techniques.
Useful for mapping observed activities to known threat actor behavior.
Data Types: Threat actor profiles, techniques, and tactics.
9. DNSlytics
URL: https://dnslytics.com/
Features:
Offers information on domains, IP addresses, and subdomains linked to suspicious activity.
Provides free analysis for a limited number of queries.
Data Types: Domain reputation, IP reputation, and DNS data.
10. SANS Internet Storm Center (ISC)
URL: https://isc.sans.edu/
Features:
Provides a daily summary of the latest security threats and trends.
Shares IoC feeds such as malicious IPs, attack patterns, and vulnerabilities.
Data Types: IPs, vulnerabilities, and attack trends.
Bonus Sources:
Talos Intelligence by Cisco: https://talosintelligence.com/
URLhaus by Abuse.ch: https://urlhaus.abuse.ch/
ThreatMiner: https://www.threatminer.org/