C2 Intel Feeds
From GCA ACT
Description
Automatically created C2 Feeds | Also posted via @drb_ra
Feeds (Source/Raw Data courtesy of Censys - https://censys.io/)
Search 2.0 has massively improved detection rates on non-standard ports. Great job Censys Team!
By default, C2s seen active in the last 7 days are added to the main feed files. There is also a 30-day feed for any C2 seen live in the last 30 days.
- C2 IPs - Live C2 IPs (no frontend or CDN IPs - all bad)
- C2 Domains - All domain names extracted from implants, including domain fronting values and fake Host headers (High abuse of MS, Apple and Google).
- C2 Domains Filtered - Excludes several domains abused in domain fronting, along with fake headers for popular sites. For the current filter list, see the exclusions.rex file.
- C2 Domains with URL - Same as domains and domains filtered, but including an extra column with the URI path of the C2.
- C2 Domains with URL and IP - Same as domains and domains filtered, but including an extra column with the URI path of the C2 and another with the C2 IP.
- Unverified C2 IPs - Live C2 IPs based simply on the Censys search/query; no validation can easily be performed and no further configuration can be extracted. Some, however, are extremely accurate.
More Information
URL: https://github.com/drb-ra/C2IntelFeeds
Maintenance Status: Active
Last Updated Date: Every 7 days
Formats Available: See website.
Social Media Links: https://github.com/drb-ra/C2Intel
Contact Information: Unknown
Single or Multiple: Single
License Information: See website.