About OSINT feeds

This section describes OSINT feeds supported by Kaspersky CyberTrace.

OSINT feeds are publicly available threat intelligence data sources provided by organizations and individuals.

OSINT feeds supported by Kaspersky CyberTrace

Kaspersky Feed Utility supports OSINT feeds from the following sources:

• Abuse.ch

  This source has several associated sources of information:

  • Feodo Tracker is an abuse.ch project that has the goal of sharing botnet C&C servers associated with the Feodo malware family (Dridex, Emotet/Heodo).
  • Ransomware Tracker tracks and monitors the status of domain names, IP addresses, and URLs that are associated with Ransomware, such as botnet C&C servers, distribution sites and payment sites.
  • The SSL Blacklist (SSLBL) is an abuse.ch project that has the goal of detecting malicious SSL connections by identifying and blacklisting SSL certificates used by botnet C&C servers.
• Proofpoint ET intelligence

  This source provides information about emerging threats.

• BlockList.de

  This is a free and voluntary service provided by a Fraud/Abuse specialist, whose servers are often attacked on SSH-, Mail-Login-, FTP-, Webserver-, and other services.

  BlockList.de has reported more than 70 000 attacks in 12 hours in real time and uses the Whois (abuse-mailbox, abuse@, security@, email, remarks), the RIPE Abuse Finder and the contact-database from abusix.org to find the abuse-address assigned to the attacking host.

• Cyber Crime Tracker

  Cyber Crime Tracker monitors and tracks various malware families that are used to perpetrate cyber crimes, such as banking trojans and ransomware. It lists mainly malware C&Cs and file hashes of Zeus and Zeus-originated malware families.

The following table lists supported OSINT feeds:

OSINT feeds

Identifier	Description	Link
Abuse.ch_Ransomware_Common	Ransomware Tracker CSV Feed	https://ransomwaretracker.abuse.ch/feeds/csv/
Abuse.ch_Ransomware_BlockUrl	Ransomware Tracker URL Blocklist	https://ransomwaretracker.abuse.ch/downloads/RW_URLBL.txt
Abuse.ch_Ransomware_BlockDomain	Ransomware Tracker Domain Blocklist	https://ransomwaretracker.abuse.ch/downloads/RW_DOMBL.txt
Abuse.ch_Ransomware_BlockIP	Ransomware Tracker IP Blocklist	https://ransomwaretracker.abuse.ch/downloads/RW_IPBL.txt
Abuse.ch_Feodo_BlockIP	Feodo IP Blocklist	https://feodotracker.abuse.ch/downloads/ipblocklist.txt
Abuse.ch_Feodo_MalwareHash	Feodo Malware Hashes List	https://feodotracker.abuse.ch/downloads/malware_hashes.csv
Abuse.ch_SSL_Certificate_BlockIP	Botnet C2 IP Blacklist	https://sslbl.abuse.ch/blacklist/sslipblacklist.csv
Abuse.ch_SSL_Certificate_BlockHash	SSL Certificate Blacklist	https://sslbl.abuse.ch/blacklist/sslblacklist.csv
Blocklist.de_BlockIP	Blocklist.de IP Blocklist	https://lists.blocklist.de/lists/all.txt
CyberCrime_Tracker_BlockUrl	Cyber Crime Tracker URL Blocklist	http://cybercrime-tracker.net/all.php
EmergingThreats_BlockIP	Raw IPs for the firewall block lists	https://rules.emergingthreats.net/fwrules/emerging-Block-IPs.txt
EmergingThreats_CompromisedIP	Compromised IP addresses	https://rules.emergingthreats.net/blockrules/compromised-ips.txt

The OSINT feeds in the table above are maintained by third parties only. Some URLs in the table may, for various reasons, become obsolete over time.

Page top