This section describes OSINT feeds supported by Kaspersky CyberTrace.
OSINT feeds are publicly available threat intelligence data sources provided by organizations and individuals.
OSINT feeds supported by Kaspersky CyberTrace
Kaspersky CyberTrace supports OSINT feeds from the following sources:
This source has several associated sources of information:
This source provides information about emerging threats.
This is a free and voluntary service provided by a Fraud/Abuse specialist, whose servers are often attacked on SSH, Mail Login, FTP, Webserver, and other services.
BlockList.de has reported more than 70,000 attacks in twelve hours in real time. It uses Whois (abuse-mailbox, abuse@, security@, email, remarks), RIPE Abuse Finder, and the Abuse Contact Database from abusix.org to find the abuse address assigned to the attacking host.
Cyber Crime Tracker monitors and tracks various malware families that are used to perpetrate cyber crimes, such as banking trojans and ransomware. It lists mainly malware C&Cs, and file hashes of Zeus and Zeus-originated malware families.
The following table lists supported OSINT feeds:
OSINT feeds
| Identifier | Description | Link |
| --- | --- | --- |
| Abuse.ch_Feodo_BlockIP | Feodo IP Blocklist | |
| Abuse.ch_SSL_Certificate_BlockIP | Botnet C2 IP Denylist | |
| Abuse.ch_SSL_Certificate_BlockHash | SSL Certificate Denylist | |
| Blocklist.de_BlockIP | Blocklist.de IP Blocklist | |
| CyberCrime_Tracker_BlockUrl | Cyber Crime Tracker URL Blocklist | |
| EmergingThreats_BlockIP | Raw IPs for the firewall block lists | https://rules.emergingthreats.net/fwrules/emerging-Block-IPs.txt |
| EmergingThreats_CompromisedIP | Compromised IP addresses | https://rules.emergingthreats.net/blockrules/compromised-ips.txt |
The OSINT feeds in the table above are maintained by third parties only. Some URLs in the table may, for various reasons, become obsolete over time.