Industry Leading Threat Intelligence Feeds
Precisionsec Threat Intelligence Feeds provide leading-edge malware and ransomware data, giving you the ability to recognize and act upon indicators of attack and indicators of compromise quickly. We strive to provide highly contextual threat data with one of the lowest delivery delays, lowest false positive rates and best reaction times in the industry. Precisionsec operates its own internal honeypots and malware automation systems in addition to aggregating many OSINT sources and external data feeds. All of our feeds are verified by experts internally and across the threat intelligence community.
We are monitoring several high-profile malware and ransomware families including Dridex, Locky, and Trickbot. We also actively monitor for attacks on WordPress and Joomla CMS installations. Our intelligence gathering operations are highly focused on the most active and most dangerous threats today.
In addition to high-accuracy threat intelligence feeds, we offer raw data feeds on ongoing malware campaigns and custom data feeds including command & control (C&C) information, crimeware and banking malware configurations, malware spam templates, attacker TTPs, malware hashes and more. Please contact us for any custom requests.
What makes us different?
- Threat intelligence feeds updated every 5 minutes
- Data delivery using industry standard specifications (STIX, TAXII)
- Extensive experience developing and operating automated malware analysis systems
- Active monitoring of OSINT
- Feeds verified internally as well as by vetted community members
- API delivery to seamlessly integrate into your existing solutions
- Custom threat feeds to fit the needs of your specific organization
Dridex Indicators of Compromise (IOCs)
Dridex is a banking Trojan that is known to be distributed using similar methods to the Locky family of ransomware. The Dridex banking Trojan is divided into several sub-botnets. Some of the more popular sub-botnets include botnet 120, 122, 220, and 302; however, several other botnet numbers have been observed.
We are publishing this data for the purposes of research and protection. Below you will find the most recent Dridex Indicators of Compromise (IOCs) from our Dridex threat intelligence feed. PLEASE NOTE: These links can harm your computer! You should only access this data if you know what you are doing.
Locky Ransomware Indicators of Compromise (IOCs)
The Locky Ransomware family is one of the most notorious and ruthless of all the Ransomware released in 2016. It was originally characterized by the .locky file extension of the files it encrypts on the victim computer, although recently the actors have moved to other extensions including .odin, .zepto, .thor, .aesir, .zzzzz, .osiris, .ykcol and most recently: .asasin.
Trickbot Indicators of Compromise (IOCs)
Trickbot is a banking trojan targeting users in the USA and Europe. It was designed for the primary purpose of perpetrating fraud, and is known to be spammed out from the Necurs botnet using similar techniques to Dridex and Locky.