Reverse Deception: Organized Cyber Threat Counter-Exploitation (37 page)

Read Reverse Deception: Organized Cyber Threat Counter-Exploitation Online

Authors: Sean Bodmer

Tags: #General, #security, #Computers

BOOK: Reverse Deception: Organized Cyber Threat Counter-Exploitation
5.03Mb size Format: txt, pdf, ePub

 

PhishTank
   This data repository is a good resource for phishing campaigns, domains, and IP addresses. This site is pretty much focused on phishing (as per the name), and it’s an awesome resource if investigating phishing campaigns is one of your responsibilities. It is regularly updated, maintained, and validated. You’ll find the PhishTank at
www.phishtank.com
.

 

Good

 

ThreatExpert
   This website provides a plethora of information relating to the gamut of crimeware dating back years. It can help you distinguish between benign and malicious network traffic and/or suspicious samples. This site honestly does stand on its own, which you will see for yourself once you visit it. Find it at
www.threatexperts.com
.

 

Excellent

 

Contagio Malware Dump
   This is a good site to look for information about SSCTs, known hostile IP addresses related to APTs hitting international governments. It also has numerous articles that can be digested to learn more about specific crimeware families and/or criminal operators. Some of the content is more US cyber-driven, but overall, there is a lot of consistent content that can help any cyber intelligence analyst. The site is located at
contagiodump.blogspot.com
.

 

Good

 

DNS-BH—Malware Domain Blocklist
   This site offers a daily listing of known malicious domains that can be downloaded and used for noncommercial purposes. This is a good resource to identify malicious domains, and some, but not all, are associated with specific crimeware families. Sometimes the site’s operators do get things mixed up a little, but overall, when they label a domain as malicious, you can wager they are spot on. It’s located at
www.malwaredomains.com
.

 

Good

 

Microsoft Malware Protection Center
   This data repository is a good resource that can be used to identify specific tactics of crimeware and better define what the malware does and how it behaves. Microsoft is like a 2-ton elephant hiding under the rug. We don’t have anything negative to say about this public resource, beyond that it could be a little more in depth with associating lists of domains/IP addresses with specific crimeware families and/or groups. Find this site at
www.microsoft.com/security/portal/
.

 

Good

 

Anubis
  This data repository is a good resource for analyzing crimeware samples if you do not have a malware analysis system. Anubis is similar to VirusTotal (a website that analyzes suspicious files against 43 antivirus engines), but provides much more information and context about the sample itself. It’s located at
anubis.iseclab.org
.

 

Good

Other books

Arkwright by Allen Steele
In the Heart of the Canyon by Elisabeth Hyde
Poison by Zinn, Bridget
Vengeance by Michelle Madow
Not Meeting Mr Right by Anita Heiss
The Sword of Straw by Amanda Hemingway
Deadly Night by Heather Graham
Resonance by Celine Kiernan