OSINT and CAL Feeds
- 22 Jul 2024
- 4 Minutes to read
-
Print
-
DarkLight
OSINT and CAL Feeds
- Updated on 22 Jul 2024
- 4 Minutes to read
-
Print
-
DarkLight
Article summary
Did you find this summary helpful?
Thank you for your feedback
ThreatConnect® includes several open-source intelligence (OSINT) and CAL™ feeds that you can use to ingest real-time data into corresponding Sources in your instance. CAL feeds take focused OSINT information and combine it with ThreatConnect's collective analytics to deliver targeted information about common cyber threat intelligence (CTI) use cases.
Once feed data are ingested, you can aggregate, correlate, enrich, and operationalize them automatically. The following table lists the name of each feed included in ThreatConnect by default and the feed’s type (OSINT or CAL).
| Feed Name | Feed Type | Description |
|---|---|---|
| abuse.ch Feodo Tracker | OSINT | A list of Feodo (also known as Cridex or Bugat) malware family Indicators from feodotracker.abuse.ch. |
| abuse.ch ThreatFox | OSINT | ThreatFox is a free platform from abuse.ch that shares Indicators of compromise (IOCs) associated with malware with the information security community, AV vendors, and threat intelligence providers. |
| abuse.ch URLHaus | OSINT | Malicious URLs tracked on URLhaus. |
| Blocklist.de Apache IPs | OSINT | IP addresses reported within the last 48 hours as having run attacks on the Apache®, Apache-DDOS, or RFI-Attacks service, courtesy of blocklist.de. |
| Blocklist.de Bot IPs | OSINT | IP addresses reported within the last 48 hours as having run attacks on the RFI-Attacks, REG-Bots, IRC-Bots, or BadBots (i.e., a bot that has posted a spam comment on an open forum or wiki) service, courtesy of blocklist.de. |
| Blocklist.de Bruteforce IPs | OSINT | IP addresses that have attacked Joomla!®, WordPress®, and other web logins with brute-force logins, courtesy of blocklist.de. |
| Blocklist.de FTP IPs | OSINT | IP addresses reported within the last 48 hours for attacks on the FTP service, courtesy of blocklist.de. |
| Blocklist.de IMAP IPs | OSINT | IP addresses reported within the last 48 hours for attacks on the IMAP, SASL, or POP3 service, courtesy of blocklist.de. |
| Blocklist.de Mail IPs | OSINT | IP addresses reported within the last 48 hours as having run attacks on the Mail or Postfix service, courtesy of blocklist.de. |
| Blocklist.de SIP IPs | OSINT | IP addresses that tried to log into a Session Initiation Protocol (SIP), Voice over Internet Protocol (VoIP), or Asterisk server, courtesy of blocklist.de. |
| Blocklist.de SSH IPs | OSINT | IP addresses reported within the last 48 hours as having run attacks on the SSH service, courtesy of blocklist.de. |
| Blocklist.de Strong IPs | OSINT | IP addresses that are older than two months and have more than 5,000 attacks, courtesy of blocklist.de. |
| BotScout Bot List | OSINT | Names, IPs, and email addresses bots use while searching for forms to fill out and submit in order to spread spam, drop links, and gain access to a site so that they can find and exploit additional forms, courtesy of botscout.com. |
| Botvrij Domains | OSINT | A list of malicious domains and hostnames provided by botvrij.eu. |
| Botvrij IPs | OSINT | A list of malicious IPs provided by botvrij.eu. |
| BruteForceBlocker Blocklist | OSINT | A blocklist of IPs attempting SSH brute-force attacks compiled by Daniel Gerzo's BruteForceBlocker script. |
| CAL Automated Threat Library | CAL | CAL Automated Threat Library aggregates articles from information security blogs; parses them for IOCs, malware families, threat actors, etc.; and models them in ThreatConnect. |
| CAL Communications-themed NRDs | CAL | A list of newly registered domains (NRDs) suspected of imitating legitimate communications companies. |
| CAL COVID19-themed Newly Registered Domains | CAL | A list of newly registered domains (NRDs) related to COVID-19 and the IP addresses observed as DNS resolutions. |
| CAL Energy-themed NRDs | CAL | A list of newly registered domains (NRDs) suspected of imitating legitimate energy companies. |
| CAL Finance-themed NRDs | CAL | A list of newly registered domains (NRDs) suspected of imitating legitimate financial companies. |
| CAL Healthcare-themed NRDs | CAL | A list of newly registered domains (NRDs) suspected of imitating legitimate healthcare companies. |
| CAL Manufacturing-themed NRDs | CAL | A list of newly registered domains (NRDs) suspected of imitating legitimate manufacturing companies. |
| CAL Retail-themed NRDs | CAL | A list of newly registered domains (NRDs) suspected of imitating legitimate retail companies. |
| CAL Russian Malware and Tool Indicators | CAL | A list of Indicators associated with malware and tools used by Russian nation-state threat actors, based on CAL enrichments and MITRE ATT&CK® Groups and Software. |
| CAL Suspected DGA NRDs | CAL | A list of newly registered domains (NRDs) suspected of being created via a domain generation algorithm (DGA). |
| CAL Suspected Ranking Manipulators | CAL | A list of newly registered domains (NRDs) suspected of manipulating web traffic rankings to appear legitimate. |
| CAL Suspicious Nameservers | CAL | A list of nameservers being used by a significant number of malicious domains. |
| CAL Suspicious New Resolution IPs | CAL | A list of IP addresses seen as DNS resolutions of malicious hosts. |
| CAL Suspicious Newly Registered Domains | CAL | A list of newly registered domains (NRDs) that resolve to malicious infrastructure. |
| CINS Army IP List | OSINT | The Collective Intelligence Network Security (CINS) list of IP addresses that have tripped a designated number of “trusted” alerts across several CINS Sentinels deployed globally. |
| CyberCrime Tracker | OSINT | A list of malicious Indicators from CyberCrime Tracker. |
| Dan.me Tor Exit Nodes | OSINT | A list of Tor exit node IP addresses maintained by dan.me.uk. |
| Disconnect.me Malvertising | OSINT | A list of malicious advertising domains maintained by Disconnect.me. |
| DShield.org Recommended Blocklist CIDRs | OSINT | The top 20 attacking CIDRs over the last three days. |
| Firebog Prigent Malware Domains | OSINT | A list of malware domains managed by Fabrice Prigent at dsi.ut-capitole.fr, which is hosted by firebog.net. |
| GreenSnow Blocklist | OSINT | The GreenSnow project helps identify various attacks around the world in order to block them. Attacks that are monitored include port scans, FTP, POP3, mod_security, IMAP, SMTP, SSH, and cPanel. |
| Haley SSH Bruteforce IPs | OSINT | IP addresses launching SSH dictionary attacks, as reported to charles.the-haleys.org. |
| Hybrid Analysis | OSINT | A feed of files submitted to the free malware analysis service powered by Payload Security. |
| Maldun Malware Analysis | OSINT | File analysis results from maldun.com, a Chinese malware sandboxing site. |
| Maldun Malware Analysis URLs | OSINT | URL analysis results from maldun.com, a Chinese malware sandboxing site. |
| MalShare Daily Malware List | OSINT | Daily malware list from Malshare Project's public repository. |
| Maltrail Agent Tesla | OSINT | Agent Tesla malware URLs, hosts, and IPs from Maltrail. |
| Maltrail Anubis | OSINT | Anubis malware URLs, hosts, and IPs from Maltrail. |
| Maltrail Bankbot | OSINT | Bankbot malware URLs, hosts, and IPs from Maltrail. |
| Maltrail Blackshade | OSINT | Blackshade malware hosts and IPs from Maltrail. |
| Maltrail Cerberus | OSINT | Cerberus malware URLs, hosts, and IPs from Maltrail. |
| Maltrail Dridex | OSINT | Dridex malware URLs, hosts, and IPs from Maltrail. |
| Maltrail Formbook | OSINT | Formbook malware URLs, hosts, and IPs from Maltrail. |
| Maltrail Gamaredon | OSINT | Gamaredon malware URLs, hosts, and IPs from Maltrail. |
| Maltrail Generic | OSINT | Generic malware URLs, hosts, and IPs from Maltrail. |
| OpenPhish | OSINT | Phishing URLs reported by OpenPhish.com. |
| PhishTank | OSINT | A list of URLs, hosts, and IPs found in phishing emails, as reported to PhishTank. |
| Rutgers Attacker IPs | OSINT | Rutgers University’s report of attacker IP addresses. |
| StopForumSpam Toxic CIDRs | OSINT | CIDR netblocks reported to engage in forum abuse by stopforumspam.com. |
| VXVault | OSINT | A list of malicious indicators from the VX Vault malware tracker. |
ThreatConnect® is a registered trademark, and CAL™ is a trademark, of ThreatConnect, Inc.
Joomla!® is a registered trademark of Open Source Matters, Inc.
Apache® is a registered trademark of The Apache Software Foundation.
MITRE ATT&CK® and ATT&CK® are registered trademarks of The MITRE Corporation.
WordPress® is a registered trademark of WordPress Foundation.
20160-01 v.02.A
Was this article helpful?
