171 private links
Law enforcement and IT Security companies have joined forces to disrupt cybercriminal businesses with ransomware connections.
The “No More Ransom” website is an initiative by the National High Tech Crime Unit of the Netherlands’ police, Europol’s European Cybercrime Centre and two cyber security companies – Kaspersky Lab and Intel Security – with the goal to help victims of ransomware retrieve their encrypted data without having to pay the criminals.
The Foofus.Net team is an assortment of security professionals and wannabes located somewhere in the Midwestern United States. This site exists to support the various tools and ideas that we have made public, and to help fill our DefCon beer fund.
This webpage is a free malware analysis service powered by Payload Security that detects and analyzes unknown threats using a unique Hybrid Analysis technology.
Since this is a hobby project I usually only have time to follow a single malware threat at a time - right now my main focus is on Locky download sites. If I read some interesting whitepaper, I will probably import some links/hashes into the tracker database here and there, but in general I do not verify or follow up on those. This site is considered to be mainly a research platform, and using the data directly for blacklisting is not recommended. At the very least you should filter it with some reasonable whitelist. For example, if some malware connects to 'http://google.com/70.exe?1' (as Teslacrypt did to test connectivity) or to '//plus.google.com/u/0/115747778649102578052/about' or 'https://twitter.com/linketelin' (as the PlugX samples d9af894d51ba61075c7cd329b0be52df and 02a175b81144b8fa22414e9cf281f71c did), then such links can be found in the tracker listings, although I am not saying those sites themselves should be blocked.
ThreatMiner is designed to be an analyst's first portal to visit when doing threat research, and here's why.
Threat intelligence and intrusion analysts who regularly perform research into malware and network infrastructure often find the need to rely on multiple websites that each hold a small piece of the larger puzzle.
Furthermore, it is often the case that pivoting directly from an open source research report is not possible, and it is sometimes difficult to remember whether an indicator has already been reported and/or attributed. All these small but frustrating obstacles distract an analyst from what they do best: analyse.
Cisco's SenderBase.org provides a view into real-time threat intelligence across web and email. SenderBase is powered by Cisco Talos, the industry-leading threat intelligence organization dedicated to providing protection before, during, and after cybersecurity threats. The data is made up of over 100TB of daily security intelligence across over 1.6 million deployed Web, Email, Firewall and IPS appliances. Talos detects and correlates threats in real time using the largest threat detection network in the world, spanning web requests, emails, malware samples, open source data sets, endpoint intelligence, and network intrusions. SenderBase is able to transform some of Talos's data into actionable threat intelligence and tools to improve your security posture.
urlQuery is a free online service for testing and analyzing URLs, helping with identification of malicious content on websites. The main focus of urlQuery is to find and detect suspicious and malicious content on webpages, to help improve the security industry and make the internet a safer place.
Welcome to the 'Scan of the Month' challenge. The purpose of these challenges is to help the security community develop the forensic and analysis skills needed to decode real attacks. It can be difficult to find real attacks that you can analyze and share your results on with the community. These challenges address that problem by taking attacks we have captured in the wild and challenging the security community to decode them. Unfortunately, due to resource limitations, we can no longer provide a new challenge every month.
theZoo is a project created to make malware analysis open and available to the public. Since we have found that almost all malware samples are very hard to come by in a form that allows analysis, we decided to gather them for you in an accessible and safe way. theZoo was created by Yuval tisf Nativ and is now maintained by Shahak Shalev.
Github: https://github.com/ytisf/theZoo
IBM X-Force Exchange Threat Feed Manager
Introducing threat feed manager: you can now view external sources of threat intelligence within XFE.
WebPulse contains a database of over 15 million entries and is growing every day. It provides URL identification to the PacketShaper via requests to WebPulse service points located across the globe. Each service point is periodically pinged in order to ensure that category, application, and operation IDs are provided from the fastest service point.
The two visualizations on this page are simple graphs which provide different views of how the assignment of vulnerability types has changed over time.
This is a list of data sources that may be useful to cyber security. We are documenting these sources as part of an ongoing project, Stucco.
I am an independent security analyst providing cyber threat intelligence and network traffic associated with malware infections. I am located in the Albany, New York area.
All domains and URLs listed on this website should be considered as dangerous and could cause damage to your computer. We do not provide clickable active hyperlinks to these sites.
Use this website at your own risk!
David Sharpe from GE-CIRT. So, mature CIRTs are supposed to have people hunting for APT, right? Don’t have a hunt team yet? Don’t know what to hunt for, or how or where to hunt? You are not alone. This talk will cover a range of effective and practical techniques that have worked over the years for finding targeted intrusions.
Hackmiami Conference 2016
Continuing TinyNuke Explained - part I, we review the available features of TinyNuke through the control panel, deploy a bot to our client machine, and perform attacks against our client.
In this video we review the setup requirements for installing and deploying TinyNuke.
Nuclear, or TinyNuke, is a full-fledged banking trojan. Its main features are:
- Formgrabber and webinjects for Firefox, Internet Explorer and Chrome; can inject into x86 as well as x64 browsers.
- Reverse SOCKS 4
- HVNC-like hidden desktop
- Trusteer bypass
- ~32 KB binary with obfuscated strings, ~20 KB without
Ransomware Tracker tracks and monitors the status of domain names, IP addresses and URLs that are associated with Ransomware, such as Botnet C&C servers, distribution sites and payment sites.
Ransomware Tracker provides a short guideline for both home users and enterprises on how to avoid becoming a victim of Ransomware.
Ransomware Tracker offers various blocklists. These allow enterprises to block traffic towards known ransomware infrastructure at the network edge, e.g. on the corporate firewall, web proxy or local DNS server.
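The tracker entry earlier on this page warns that raw tracker data can contain legitimate hosts (plus.google.com, twitter.com) that a sample merely contacted, and the Ransomware Tracker entry above says its blocklists are meant to be enforced on the firewall or local DNS server. The script below, an added example and not Ransomware Tracker's own tooling, shows one way to do both: it parses a plain-text blocklist (assumed format: one domain or IP per line, '#' comment lines), drops anything covered by a local allowlist on a label boundary, and renders a BIND/Unbound RPZ zone for the domains plus nft drop rules for the IPs. The blocklist text, the allowlist and every hostname in it are constructed for the example.

```python
"""Convert a Ransomware Tracker style blocklist into DNS RPZ and firewall
artifacts, after removing allowlisted domains.

Assumptions (not taken from the page): the list is plain text with '#' comment
lines and one domain or IP per line; the allowlist contents are local policy.
"""
import ipaddress

# Constructed sample blocklist: these hosts are made up for the example.
SAMPLE_BLOCKLIST = """\
# Ransomware Tracker style blocklist (constructed sample, not real data)
# One entry per line; '#' starts a comment
payment-portal.ransom-example.test
c2.dropper-example.test
plus.google.com
198.51.100.23
2001:db8::beef
"""

# Constructed local allowlist: domains that must never be sinkholed even if
# a sample happened to beacon to them (the tracker caveat on this page).
SAMPLE_ALLOWLIST = {"google.com", "twitter.com"}


def parse_blocklist(text):
    """Split raw list text into (domains, ips); comments and blanks skipped."""
    domains, ips = [], []
    for raw in text.splitlines():
        entry = raw.split("#", 1)[0].strip().lower()
        if not entry:
            continue
        try:
            ips.append(ipaddress.ip_address(entry))
        except ValueError:
            domains.append(entry.rstrip("."))
    return domains, ips


def is_allowlisted(domain, allowlist):
    """True if domain equals, or is a subdomain of, an allowlisted domain.
    Matching is on label boundaries, so 'notgoogle.com' is not covered
    by 'google.com'."""
    labels = domain.split(".")
    return any(".".join(labels[i:]) in allowlist for i in range(len(labels)))


def filter_domains(domains, allowlist):
    """Return (blocked, skipped) so the operator can audit what was dropped."""
    blocked = sorted({d for d in domains if not is_allowlisted(d, allowlist)})
    skipped = sorted({d for d in domains if is_allowlisted(d, allowlist)})
    return blocked, skipped


def to_rpz_zone(domains, serial=1):
    """Render an RPZ zone that answers NXDOMAIN (CNAME .) for each blocked
    domain and all of its subdomains."""
    lines = [
        "$TTL 60",
        "@ IN SOA localhost. root.localhost. %d 3600 300 86400 60" % serial,
        "@ IN NS localhost.",
    ]
    for d in domains:
        lines.append("%s CNAME ." % d)
        lines.append("*.%s CNAME ." % d)
    return "\n".join(lines) + "\n"


def to_nft_rules(ips, table="inet filter", chain="forward"):
    """Render nft commands that drop forwarded traffic to each listed address."""
    rules = []
    for ip in sorted(ips, key=lambda a: (a.version, int(a))):
        fam = "ip" if ip.version == 4 else "ip6"
        rules.append("nft add rule %s %s %s daddr %s drop" % (table, chain, fam, ip))
    return rules


def build(text=SAMPLE_BLOCKLIST, allowlist=SAMPLE_ALLOWLIST):
    """Run the whole pipeline and return the artifacts plus an audit list."""
    domains, ips = parse_blocklist(text)
    blocked, skipped = filter_domains(domains, allowlist)
    return {
        "blocked": blocked,
        "skipped": skipped,
        "rpz": to_rpz_zone(blocked),
        "nft": to_nft_rules(ips),
    }


if __name__ == "__main__":
    out = build()
    print(out["rpz"])
    print("\n".join(out["nft"]))
    print("# skipped (allowlisted):", ", ".join(out["skipped"]))
```

Load the RPZ text as a zone named in the resolver's `response-policy` (BIND) or `rpz:` (Unbound) configuration and bump the SOA serial on every refresh, otherwise secondaries will not pick up the new entries; the `skipped` list is worth logging, since a legitimate domain showing up in a ransomware feed usually means a sample contacted it for connectivity checks rather than command and control.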
Together, we resolve major lingering security issues on the Internet, such as SSL governance and the spread of botnets and malware, by ensuring security is built into the very fabric of private and public clouds.
TIM, the Trustworthy Internet Movement is a non-profit, vendor-neutral organization leveraging the power of the global security community to advance industry-wide technology innovations and initiatives for actionable change.