New Tool for IOC Processing

#1

I ran across a new IOC harvesting and processing tool on Github. It was posted a couple of weeks ago by an author named Silas Cutler and is licensed as GNU General Public License v3.0

It was recently featured on kitploit.com.

Since it is relatively new I haven’t had time to run it in my lab yet, but based on the description it boasts an impressive collection engine. It can pull from these feeds (likely via API):
VirusTotal (https://www.virustotal.com)
MalShare (https://malshare.com/)
BambenekFeeds (osint.bambenekconsulting.com/feeds/)
FeodoBlockList (https://feodotracker.abuse.ch)
Malc0deIPList (http://malc0de.com/)
NoThinkIPFeeds (www.nothink.org/)
OpenPhishURLs (https://openphish.com)
TorNodes (https://torstatus.blutmagie.de)

If you are looking to feed your SIEM, this might be a cost-effective IOC processing solution.

2 Likes