Skip to content

A centralized location for threat data from the Animus sensor network

Notifications You must be signed in to change notification settings

xueyi28/threat_data

 
 

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

18 Commits
 
 
 
 
 
 

Repository files navigation

Animus Threat Data Repository

Summary

This is a centralized repository for threat data collected by the Animus threat intelligence system. This repository contains reports generated by the Animus system on a daily basis. Additionally, this repository contains a set of master files which include all data collected historically by the honeypot sensors distributed around the Internet.

Currently, Animus threat reports only contain data on SSH threat actors and tactics. Other methods and vulnerabilities are currently being developed.

Features

C2 Mass Scan

Animus mass scans the Internet once per week to locate known-malicious command and control servers which can serve as indicators of compromise (IOCs).

DDOS Target Tracking

Once Animus discovers a C2 server using software it knows how to communicate with, it will connect to the C2 server and begin logging distributed denial-of-service target IP addresses. This allows Animus to track who different adversary groups are targeting with denial-of-service attacks in real time.

Threatbot

Animus collects all data in a centralized repository. This repository can be queried on a per-IP basis via a Twitter bot, @threatbot.

Threatbot will parse one or more IP addresses in a tweet, query the Animus database, and response back with a summarized report of that IP address. This report includes first sighting of attacks from the IP address and most recent attacks from this IP address.

Additionally, Threatbot will tweet once per day with a link to the daily Animus threat report. This tweet will include the total number of attacks received, as well as the most aggresive attacker IP address of the day.

TODO

Animus will be expanding the threat reports to include data on the following threats:

  • Shellshock
  • Heartbleed
  • Wordpress attacks

Additionally, Animus will begin to publish malware signatures and download links in the next revision.

Contact

If you have any questions or feedback about the Animus threat intelligence system, don't hesitate to reach out to the main developer via email or Twitter.

About

A centralized location for threat data from the Animus sensor network

Resources

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published