Threat Intelligence Feeds Gathered by Combine

These are the Threat Intelligence feeds gathered by Combine in its current version (0.1.3). More granular plugin functionality will be made available in the next version (0.2.0).

inbound_urls.txt

• Honeypot = http://www.projecthoneypot.org/list_of_ips.php
• OpenBL = http://www.openbl.org/lists/base_30days.txt
• BlocklistDe1 = http://www.blocklist.de/lists/ssh.txt
• BlocklistDe2 = http://www.blocklist.de/lists/apache.txt
• BlocklistDe3 = http://www.blocklist.de/lists/asterisk.txt
• BlocklistDe4 = http://www.blocklist.de/lists/bots.txt
• BlocklistDe5 = http://www.blocklist.de/lists/courierimap.txt
• BlocklistDe6 = http://www.blocklist.de/lists/courierpop3.txt
• BlocklistDe7 = http://www.blocklist.de/lists/email.txt
• BlocklistDe8 = http://www.blocklist.de/lists/ftp.txt
• BlocklistDe9 = http://www.blocklist.de/lists/imap.txt
• BlocklistDe10 = http://www.blocklist.de/lists/ircbot.txt
• BlocklistDe11 = http://www.blocklist.de/lists/pop3.txt
• BlocklistDe12 = http://www.blocklist.de/lists/postfix.txt
• BlocklistDe13 = http://www.blocklist.de/lists/proftpd.txt
• BlocklistDe14 = http://www.blocklist.de/lists/sip.txt
• CIArmy = http://www.ciarmy.com/list/ci-badguys.txt
• alienvault = https://reputation.alienvault.com/reputation.generic
• dragonresearch1 = http://dragonresearchgroup.org/insight/sshpwauth.txt
• dragonresearch2 = http://dragonresearchgroup.org/insight/vncprobe.txt
• bruteforceblocker = http://danger.rulez.sk/projects/bruteforceblocker/blist.php
• dshield = https://isc.sans.edu/ipsascii.html
• nothink = http://www.nothink.org/blacklist/blacklist_ssh_day.txt
• packetmail = https://www.packetmail.net/iprep.txt
• autoshun = http://www.autoshun.org/files/shunlist.csv
• charleshaley = http://charles.the-haleys.org/ssh_dico_attack_hdeny_format.php/hostsdeny.txt
• virbl = http://virbl.org/download/virbl.dnsbl.bit.nl.txt
• botscout = http://botscout.com/last_caught_cache.htm

AlienVault - Inbound Categories

• AlienVault-ScanningHost
• AlienVault-Spamming

outbound_urls.txt

• MalwareGroup = http://www.malwaregroup.com/ipaddresses
• malcode = http://malc0de.com/bl/IP_Blacklist.txt
• zeus = https://zeustracker.abuse.ch/blocklist.php?download=ipblocklist
• palevotracker = https://palevotracker.abuse.ch/blocklists.php?download=ipblocklist
• alienvault = http://reputation.alienvault.com/reputation.data
• feodo = https://feodotracker.abuse.ch/blocklist/?download=ipblocklist
• nothink1 = http://www.nothink.org/blacklist/blacklist_malware_dns.txt
• nothink2 = http://www.nothink.org/blacklist/blacklist_malware_http.txt
• nothink3 = http://www.nothink.org/blacklist/blacklist_malware_irc.txt

Alienvault - Outbound Categories

• AlienVault-APT
• AlienVault-C&C
• AlienVault-MalwareHost
• AlienVault-MalwareDistribution
• AlienVault-MalwareDomain
• AlienVault-MalwareIP