Mastodon #infosec, I am trying to maintain a list of threat intel platforms that have passive DNS, historical whois, malware analysis, threat databases here: https://gist.github.com/Te-k/2a5a1885249cfd07f417b47d291c4b98
Am I missing any important platform in that list?

@tek I could probably dig up a lot more, but off the top of my head for passive DNS:

* https://passivedns.mnemonic.no/
* https://www.circl.lu/services/passive-dns/

We also have some NETINT data here:

* https://dataplane.org/signals.html

@tek We have a large Passive DNS where you can even get access and it’s non-commercial/free.

https://www.circl.lu/services/passive-dns/

We also operate a free online URL scanning service, lookyloo.circl.lu, which is free and publicly accessible.

@adulau Added, thanks! (and thanks for the great tools / services)
@tek crt.sh is not really a database but an interface to the certificate logs (which are the real databases). You can access these logs via many other means.
@bortzmeyer Doesn't Sectigo maintain its own certificate transparency database that is used by crt.sh? Do you have any further doc on that?
@tek When you look at a certificate with crt.sh, you can see at the beginning the logs where it appeared. There is often Sectigo but not only.
@tek several projects initiated or contributed to by CIRCL.lu qualify for the list:
* MISP https://www.misp-project.org/
* Passive DNS, also with a historical geolocation DB https://www.circl.lu/services/passive-dns/
* Lookyloo https://lookyloo.circl.lu/capture
And maybe more
@remidOc I added them, thanks!
@tek Validin for DNS data and Hunt.io for C2 infra tracking
@taylorparizo I didn't know those, really helpful, thanks!