This guide uses IntelMQ and the bot repository created by CERTUNLP (https://github.com/CERTUNLP/intelmq-bots) to consume the feeds provided by CSIRTAmericas.
Category | SubType | Provider | Configuration |
---|---|---|---|
vulnerability | vulnerable_system | shodan | link |
vulnerability | vulnerable_system | publicwww | link |
vulnerability | vulnerable_system | LeakIX | link |
vulnerability | virtualization_internet_facing | shodan | link |
defacement | compromised_website | publicwww | link |
defacement | compromised_website | zone-h (published) | link |
defacement | compromised_website | zone-h (not published) | link |
spam | spam_site | publicwww | link |
spam | spam_relay | abusix | link |
spam | spam_relay_daily | abusix | link |
spam | spam_account | abusix | link |
spam | spam_account_government | abusix | link |
spam | spam_account_daily | abusix | link |
spam | spam_account_government_daily | abusix | link |
cryptojacking | cryptojacking_site | publicwww | link |
ics-scada | ics_scada_internet_facing | shodan | link |
phishing | phishing_domains | phishtank | link |
malware | infected_connections | microsoft | link |
infoleak | data_leak | intelx | link |