Matteo Lodi
## Name
MachoFile
## Link
https://github.com/pstirparo/machofile
## Type of analyzer
file based for mac samples only
## Why should we use it
pefile for macos
## Possible implementation
simple python...
https://iplists.firehol.org/ We can save this info in a separate model like we did for Mass Scanners and then add a new field in the IOC model to collect this info....
See how we extract them from IntelOwl. I also think that the IP addresses detected as Tor Exit Nodes should be filtered by default, like we do right now for...
From the internal logs, it seems that the same command sequences are stored multiple times. To investigate.
* Generate and periodically update an IP list extracted from https://raw.githubusercontent.com/stamparm/maltrail/master/trails/static/mass_scanner.txt and filter those IP addresses out. I know that we already check the reputation from the T-POTs but we cannot...
At this time this is not possible through Elastic. However, there's an issue open for that: https://github.com/telekom-security/tpotce/discussions/1653 At the time of writing, the T-POT collects the downloaded samples in dedicated...
One really useful thing that we could add is the GUI section of the "enrichment" API. I would like to have a little form with just an IP address as...
This depends on the implementation of https://github.com/intelowlproject/GreedyBear/issues/524. Once GeoIP is available on the IOC database, we can add this section to the Frontend Feeds Page too
By using the MaxMind free DB, we can enrich IP addresses with this info. In particular, the country is important, and the MaxMind DB should be updated each day.
This should be already supported by IntelOwl and can be copied from there