Unified Format (Update)

[1.0.1]

Added

• Missing domains from Burning Umbrella Report (20180503_Burning_Umbrella_Area_1_indicators.csv), thanks for the catch guys!

Removed

• IOC files to no longer include quotes around csv fields

Unified Format

Added

• Changelog to track post and changes to unified format
• Unifed format for machine readable IOCs in all IOC files
• Blacklist for cert and file type indicators
• README description of detections repo
• README description of unified IOC format
• Previous post added to Reports section of README that have no IOC, IDS, or other github docs
• Apache LICENSE descriptor
• ingest.py to read in all IOC/IDS/Blacklist as a python list()
• 20180503_Burning_Umbrella_Area_1_indicators.csv
• 20180503_Burning_Umbrella_Area_2_indicators.csv
• 20180503_Burning_Umbrella_Area_3_indicators.csv
• 20180503_Burning_Umbrella_Area_5_indicators.csv
• 20180503_Burning_Umbrella_Area_6_indicators.csv
• 20180503_Burning_Umbrella_Area_7_indicators.csv
• 20180503_Burning_Umbrella_Area_8_indicators.csv
• 20180503_Burning_Umbrella.pdf

Changed

• ioc_urls.txt
• cert_bl.csv
• file_bl.csv
• Formating of IOCs to unified format addressed in README.md
• README.md : Burning Umbrella: An Intelligence Report on the Winnti Umbrella and Associated State-Sponsored Attackers

Removed

• Defang Domains, IPs, and URLs in IOC files

0.6.0

New Posts

[0.6.0] - 2018-02-22

Added

• 20180222_Analysis_of_Active_Satori_Botnet_Infections_indicators and 20180222_Analysis_of_Active_Satori_Botnet_Infections__ids, Analysis of Active Satori Botnet Infections

[0.5.0] - 2017-12-20

Added

• 20171220_Introduction_to_SMB_pcaps and 20171220_Introduction_to_SMB_pdf, An Introduction to SMB for Network Security Analysts

[0.4.0] - 2017-11-01

Added

• 20171101_ExposingPhishing_indicators and 20171101_ExposingPhishing_ids, Exposing a Phishing Kit

[0.3.0] - 2017-10-26

Added

• 20171026_LargeScaleIRC_indicators and 20171026_LargeScaleIRC_ids, Large Scale IRCbot Infection Attempts

[0.2.0] - 2017-10-16

Added

• 20171016_UpdateWinnti_indicators and 20171016_UpdateWinnti_ids, An Update on Winnti

[0.1.0] - 2017-10-10

Added

• 20171010_TurlaWateringHole_indicators and 20171010_TurlaWateringHole_ids, Turla Watering Hole Campaigns 2016/2017
• 20170711_WinntiEvolution_indicators, Winnti (LEAD/APT17) Evolution - Going Open Source