LimaCharlie makes use of many popular threat feeds and lookups. Subscribe to a number of threat feeds each at the click of a button, or leverage your own using our simple integration model for lookups.

 
alienvault.png

AlienVault IP Reputation 

AlienVault’s open threat exchange reputation monitor provides security professionals with the ability to understand the reputation of those systems interacting with their network, as well as continuous insight into the reputation of their own organization’s systems.

Learn more about this service here.

Cisco Talos IP Blacklist

The Talos IP and Domain Reputation Center is the world’s most comprehensive real-time threat detection network.

The IP Blacklist is automatically updated every 15 minutes and contains a list of known malicious network threats that are flagged on all Cisco Security Products. This list is estimated to be 1% of the total Talos IP Reputation System.

Learn more about Talos here.

talos.png
baselineit.png

Baseline IT: Malware Hashes

The team at Baseline IT has put together a feed of malware hashes and malware domains found in open-source intelligence (OSINT) that is collected from publicly available sources. This feed also includes attacking Ip's detected by NIDS Sensors EU countries.

Abuse.ch

Abuse.ch runs several projects helping internet service providers and network operators protecting their infrastructure from malware. IT-Security researchers, vendors and law enforcement agencies rely on data from abuse.ch to make the internet a safer place.

Zeus Command & Control Servers. Ransomware related domains. Feodo (Cridex, Bugat) Command & Control. Dyre Botnet.

abuse.png
danme.png

Tor Node List

A full tor node list (not more than one hour old) in script-readable format.

 

Malware Domains

The DNS-BH project creates and maintains a listing of domains that are known to be used to propagate malware and spyware.
riskanalytics.jpg
sednit.png

LoJax: UEFI Rootkit 

Content of the add-on: C&C IP,  DOMAIN, SHA256. UEFI implant for system’s SPI flash memory: This module is able to drop and execute malware on disk during the boot process. This persistence method is particularly invasive as it will not only survive an OS reinstall, but also a hard disk replacement.