Reverse Deception: Organized Cyber Threat Counter-Exploitation
Authors: Sean Bodmer
Malware Domain List
This data repository is a great resource for tracking cyber-criminal campaigns. It is maintained by a group of security professionals who pool their resources and discuss findings via forums. It provides hourly updated lists of malicious domains, along with analysis of those domains and IP addresses; each entry carries analysis of which crimeware family and/or group it may be associated with. When consuming this data, keep in mind that attribution to a group lies in the URI, not in the domain or IP address alone: the same host can serve several unrelated campaigns. Always look at the URI strings in order to attribute specific activity to a group you may already be tracking. The repository is located at www.malwaredomainlist.com.
Rating: Excellent
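The advice above (attribute by URI string, not by host) is easy to get wrong when a feed is consumed mechanically. The following is an added example written for this page; it is not code from the book, from Malware Domain List or from any of the trackers it lists. The feed lines are constructed, the four-column layout (date, URL, IP, description) is an assumption made for the example rather than either site's real export format, and the two "tracked group" URI signatures are illustrative placeholders, not a vetted signature set. The same approach applies to the other URI-bearing feeds described on this page.

```python
"""Attribute malicious-URL feed entries to tracked groups by URI string.

Added example for this page (not the book's or the feed providers' code).
Feed lines are constructed; the CSV layout and the group signatures are
assumptions made for illustration only.
"""
import csv
import io
from collections import defaultdict
from urllib.parse import urlsplit

# Constructed sample feed (NOT real data): date, defanged URL, IP, analyst note.
SAMPLE_FEED = """\
2012/03/01,hxxp://shop-updates.example/zs/gate.php,198.51.100.7,trojan dropper
2012/03/01,hxxp://shop-updates.example/zs/config.bin,198.51.100.7,config file
2012/03/01,hxxp://shop-updates.example/cgi-bin/phish/login.htm,198.51.100.7,phishing
2012/03/02,hxxp://cdn-mirror.example/sp/bin/config.bin,203.0.113.9,config
2012/03/02,hxxp://cdn-mirror.example/sp/gate.php?guid=1,203.0.113.9,cnc
2012/03/03,hxxp://static-files.example/,192.0.2.44,malicious domain
2012/03/03,hxxp://static-files.example/dl/bot.exe,192.0.2.44,binary
"""

# Hypothetical URI signatures for groups already being tracked: a host is
# attributed to a group only when every listed path has been seen on it.
TRACKED_GROUPS = {
    "group-alpha": ("/zs/gate.php", "/zs/config.bin"),
    "group-beta": ("/sp/gate.php", "/sp/bin/config.bin"),
}


def refang(url):
    """Turn the feed's defanged hxxp(s):// scheme back into a parsable URL."""
    return url.replace("hxxps://", "https://", 1).replace("hxxp://", "http://", 1)


def parse_feed(text):
    """Parse the assumed CSV layout into dicts with host and path split out."""
    entries = []
    for row in csv.reader(io.StringIO(text)):
        if not row or row[0].startswith("#"):
            continue
        date, url, ip, description = (field.strip() for field in row[:4])
        parts = urlsplit(refang(url))
        entries.append({
            "date": date, "url": url, "ip": ip, "description": description,
            "host": parts.hostname or "", "path": parts.path,
        })
    return entries


def paths_by_host(entries):
    """Collect every URI path observed per host."""
    seen = defaultdict(set)
    for entry in entries:
        seen[entry["host"]].add(entry["path"])
    return seen


def attribute_hosts(entries, groups=TRACKED_GROUPS):
    """Map each host to the sorted list of groups whose full URI signature it matches.

    A host with no match gets an empty list; it is NOT guessed from IP or domain.
    """
    result = {}
    for host, paths in paths_by_host(entries).items():
        result[host] = sorted(name for name, sig in groups.items() if set(sig) <= paths)
    return result


def unexplained_paths(entries, groups=TRACKED_GROUPS):
    """Paths on a host that no matched signature accounts for (e.g. a phishing
    page co-hosted with a CnC), so the analyst sees what else lives there."""
    attributed = attribute_hosts(entries, groups)
    leftovers = {}
    for host, paths in paths_by_host(entries).items():
        covered = set()
        for name in attributed[host]:
            covered.update(groups[name])
        leftovers[host] = sorted(paths - covered)
    return leftovers


def entries_without_uri(entries):
    """Bare-domain entries carry no URI signal and cannot be attributed this way."""
    return [e for e in entries if e["path"] in ("", "/")]


if __name__ == "__main__":
    feed = parse_feed(SAMPLE_FEED)
    for host, groups in attribute_hosts(feed).items():
        print(f"{host}: {groups or 'unattributed'}")
        for path in unexplained_paths(feed)[host]:
            print(f"    other URI on host: {path}")
    for entry in entries_without_uri(feed):
        print(f"no URI to attribute: {entry['url']}")
```

Matching on the full set of paths per host, rather than on a single filename, is deliberate: a lone gate.php is shared by many kits, and the "unexplained paths" report is what tells the analyst that shop-updates.example is doing double duty as a phishing host as well as a CnC.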
Abuse.ch
This data repository is one of the best public resources (in our professional opinion) for tracking specific botnet command-and-control (CnC) domains and IP addresses, criminal networks, and cyber-criminal campaigns. The group is based mostly in Europe, with contributors throughout the world working together to detect and track botnet and criminal networks. Abuse.ch offers not only information about CnC activity but also data on the associated binaries, versions, URIs, history, uptime, server type, geolocation, and whether the CnC is still online. The repository is located at www.abuse.ch/.
Roman Hüssy is one of the focal analysts behind abuse.ch and is a great asset to the international security community. He helps run multiple trackers, such as the following:
- DNS Blacklist, which tracks fast-flux crimeware networks (https://dnsbl.abuse.ch)
- ZeuS Tracker, which tracks ZeuS bot-related CnC and file update sites (https://zeustracker.abuse.ch/)
- SpyEye Tracker, which tracks SpyEye bot-related CnC and file update sites (https://spyeyetracker.abuse.ch)
- Palevo Tracker, which tracks CnC sites for Palevo, a remotely controllable worm based on Mariposa bot code (https://palevotracker.abuse.ch/)
- AmaDa, a catchall that tracked anything not related to the specific crimeware families mentioned above (amada.abuse.ch); although AmaDa was discontinued in early 2012, the online resource itself was very powerful
Note that the family-specific trackers have a limited lifespan: ZeuS Tracker, for example, was retired in 2019, so check abuse.ch's current project list before building a pipeline around a particular tracker URL.
Rating: Excellent
Clean MX
This data repository is a good resource for analyzing phishing campaigns, infector sites, and crimeware update sites. It is useful for attributing infector sites to a specific group or crimeware campaign, and so helps identify possible infection vectors. It is located at www.clean-mx.de.
Rating: Good