C2-Tracker - Live Feed Of C2 Servers, Tools, And Botnets
2024-4-24 10:23:0 Author: www.kitploit.com

Free-to-use IOC feed for various tools/malware. It started out for just C2 tools but has morphed into tracking infostealers and botnets as well. It uses Shodan searches to collect the IPs. The most recent collection is always stored in data; the IPs are broken down by tool and there is an all.txt.

The feed should update daily. I am actively working on making the backend more reliable.
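An added example, not code from the C2-Tracker project: one way to match the per-tool lists against outbound connection logs while keeping the tool attribution. It assumes each list holds one IP per line; the file names, log format and addresses are constructed.

```python
import ipaddress
import re
from collections import defaultdict

# Constructed sample lists (placeholder names, RFC 5737 addresses); one IP per line assumed.
FEED_FILES = {
    "example_c2.txt": "192.0.2.10\n198.51.100.7\n\nnot-an-ip\n",
    "example_stealer.txt": "198.51.100.7\n203.0.113.99\n",
}

# Constructed outbound-connection log lines; the key=value format is an assumption.
LOG_LINES = [
    "2024-04-24T10:01:02Z host=ws-14 dst=192.0.2.10 dport=443 action=allow",
    "2024-04-24T10:01:05Z host=ws-02 dst=192.0.2.100 dport=443 action=allow",
    "2024-04-24T10:02:11Z host=srv-3 dst=198.51.100.7 dport=8080 action=allow",
]
DST_RE = re.compile(r"\bdst=(\S+)")


def build_index(feed_files):
    """Map each valid IP to the set of per-tool lists that contain it."""
    index = defaultdict(set)
    for name, text in feed_files.items():
        for line in text.splitlines():
            try:
                ip = ipaddress.ip_address(line.strip())
            except ValueError:
                continue  # blank or malformed entry: skip it
            index[ip].add(name.rsplit(".", 1)[0])
    return index


def match_logs(log_lines, index):
    """Return (log line, sorted tool labels) for destinations present in the feed."""
    hits = []
    for line in log_lines:
        m = DST_RE.search(line)
        try:
            dst = ipaddress.ip_address(m.group(1)) if m else None
        except ValueError:
            continue
        if dst in index:  # parsed-address equality, so 192.0.2.100 != 192.0.2.10
            hits.append((line, sorted(index[dst])))
    return hits


if __name__ == "__main__":
    for line, tools in match_logs(LOG_LINES, build_index(FEED_FILES)):
        print(f"{', '.join(tools)}: {line}")
```

Comparing parsed addresses rather than substrings keeps a feed entry from matching a longer address that merely starts with it, which matters for a feed whose stated focus is fidelity.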

Honorable Mentions

Many of the Shodan queries have been sourced from other CTI researchers:

Huge shoutout to them!

Thanks to BertJanCyber for creating the KQL query for ingesting this feed.

And finally, thanks to Y_nexro for creating C2Live in order to visualize the data.

What do I track?

Running Locally

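If you want to host a private version, put your Shodan API key in an environment variable called SHODAN_API_KEY:

# Export the key so child processes such as python3 can read it
echo 'export SHODAN_API_KEY=API_KEY' >> ~/.bashrc
# Start a new shell that loads the updated ~/.bashrc
bash
python3 -m pip install -r requirements.txt
python3 tracker.py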

Contributing

I encourage opening an issue/PR if you know of any additional Shodan searches for identifying adversary infrastructure. I will not set any hard guidelines around what can be submitted; just know that fidelity is paramount (a high true/false positive ratio is the focus).

Reviewed by Zion3R on 10:23 PM


Article source: http://www.kitploit.com/2024/04/c2-tracker-live-feed-of-c2-servers.html