Over the past 30 days, our community shared 27,165 new #IOCs on ThreatFox 🦊 — an 18% increase from the previous month.

πŸ‘ Huge shoutout to 'juroots', our top contributor with 2,746 IOCs submitted.
πŸ’€ The most-shared malware family (or in this case framework)? Clearfake, with 2,817 IOCs reported.

Find the full breakdown here: 👉 https://threatfox.abuse.ch/statistics/

#ThreatFox #CommunityPower #SharingIsCaring #CyberThreatIntel

🦊 ThreatFox Update | We're now expiring IOCs older than 6 months. IOCs don’t last forever and internet infrastructure often gets re-used, therefore we're implementing a 6-month expiry policy to reduce false positives.

As a result, expired IOCs will no longer appear in ThreatFox exports or be available via the ThreatFox APIs. Thanks for your continued support!

#ThreatFox #IOC #CyberThreatIntel

Happy to have received recognition for being a #TopContributor to the @abuse_ch project in #2024. Currently ranking place 4 in the leaderboard of global #IoC sharing via #Threatfox.
Definitely planning to keep up that rank in the next years.
Cheers to the Team @abuse_ch and @spamhaus!

P.S. The hoodie has an amazing quality!

✅ Cyberbro v0.1.0 released

Get CTI information about IPs / domains / URLs / hash from different sources:

- VirusTotal
- OpenCTI
- ThreatFox
- Grep.App

and more.

Self-hosted: https://github.com/stanfrbd/cyberbro/

Demo: https://demo.cyberbro.net/

#cti #virustotal #threatfox #opencti #grep #osint #foss #github #release

GitHub - stanfrbd/cyberbro: A simple application that extracts your IoCs from garbage input and checks their reputation using multiple CTI services.


Updating old projects to prepare for 2025 🙂
IoCSharing to #ThreatFox and my Github has been very low in recent months. Blame my bachelor thesis. But I hope to get that going on a way more frequent basis with the new system :)

Cheers @abuse_ch for your awesome platforms 💪

New entrant #Bashlite malware enters the Top10 at #2 for most IOCs shared (1,389) on ThreatFox 🦊. Meanwhile, Cobalt Strike remains 🔝 of the charts with 1,772 samples!

👉 Read the Malware Digest here: https://www.spamhaus.org/malware-digest/#malware-digest

Bashlite malware infects Linux systems to enable distributed denial-of-service (DDoS) attacks.

👉 Learn more about Bashlite: https://malpedia.caad.fkie.fraunhofer.de/details/elf.bashlite

#Malware #ThreatFox #ThreatIntel


#WormsWeeklyIoC have been released. This week features #RecordBreaker/#racconv2, #Amadey #Botnet, and a rework of my #Rhadamanthys #Stealer #IoC gathering.

Find all indicators here:
https://github.com/Gi7w0rm/MalwareConfigLists/tree/main

The proudest release this week is 85 new #Rhadamanthys #Stealer #C2s not prior known to #Threatfox.

I invite you all to vet those to make sure my new method of gathering works correctly :)
Together with this week's #Raccoon #IoC, they are all in #OTX as well.

https://otx.alienvault.com/user/@Gi7w0rm/pulses

Interesting side note: One of the #IoC for #Rhadamanthys #Stealer is IP: 104.156.149[.]126.

This IP has been attributed as an Indicator of #Sandworm / GRU Unit 74455 by Google:
https://blog.google/threat-analysis-group/ukraine-remains-russias-biggest-cyber-focus-in-2023/

Stay safe out there <3

GitHub - Gi7w0rm/MalwareConfigLists: Just some lists of Malware Configs

@abuse_ch
Seen some confusion about this - Just wanted to share that (for me at least) the API keys already generated for abuse.ch services (including #ThreatFox and #MalwareBazaar) still work