Reverse Deception: Organized Cyber Threat Counter-Exploitation

Authors: Sean Bodmer

Tags: #General, #security, #Computers

PhishTank
   This data repository is a good resource for phishing campaigns, domains, and IP addresses. This site is pretty much focused on phishing (as per the name), and it’s an awesome resource if investigating phishing campaigns is one of your responsibilities. It is regularly updated, maintained, and validated. You’ll find the PhishTank at www.phishtank.com.

Good

ThreatExpert
   This website provides a plethora of information relating to the gamut of crimeware dating back years. It can help you distinguish between benign and malicious network traffic and/or suspicious samples. This site honestly does stand on its own, which you will see for yourself once you visit it. Find it at www.threatexperts.com.

Excellent

Contagio Malware Dump
   This is a good site to look for information about SSCTs, known hostile IP addresses related to APTs hitting international governments. It also has numerous articles that can be digested to learn more about specific crimeware families and/or criminal operators. Some of the content is more US cyber-driven, but overall, there is a lot of consistent content that can help any cyber intelligence analyst. The site is located at contagiodump.blogspot.com.

Good

DNS-BH—Malware Domain Blocklist
   This site offers a daily listing of known malicious domains that can be downloaded and used for noncommercial purposes. This is a good resource to identify malicious domains, and some, but not all, are associated with specific crimeware families. Sometimes the site’s operators do get things mixed up a little, but overall, when they label a domain as malicious, you can wager they are spot on. It’s located at www.malwaredomains.com.

Good

Microsoft Malware Protection Center
   This data repository is a good resource that can be used to identify specific tactics of crimeware and better define what the malware does and how it behaves. Microsoft is like a 2-ton elephant hiding under the rug. We don’t have anything negative to say about this public resource, beyond that it could be a little more in depth with associating lists of domains/IP addresses with specific crimeware families and/or groups. Find this site at www.microsoft.com/security/portal/.

Good

Anubis
   This data repository is a good resource for analyzing crimeware samples if you do not have a malware analysis system. Anubis is similar to VirusTotal (a website that analyzes suspicious files against 43 antivirus engines), but provides much more information and context about the sample itself. It’s located at anubis.iseclab.org.

Good
