Absent Member.

Does anyone have a Python script they would like to share that scrapes open-source websites for malicious indicators? (i.e. Malwaredomainlist.com, autoshun.org) Thanks!


9 Replies
Absent Member.

Are you looking for help with the code, or help with sources of data?

If Code is what you want:

arcosi - ArcSight Open Source Intelligence Utility - Google Project Hosting

This isn't maintained, so you will need to update the source URLs, but it should get you started.

Honored Contributor.

Yeah, I was going to suggest the same thing.

Honored Contributor. (Accepted solution)

The ArcOSI project was renamed to Bad Harvest and was also offered for free at one point in time. It seems to have disappeared from Threatsteam's website though, so I have attached the .zip. But as you mentioned with ArcOSI, you still need to update some source URLs. I personally also updated the domain regex to include some missing TLDs (not reflected in this .zip; this is the original code).

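The accepted answer above notes that the original domain regex had to be patched for missing TLDs, which is the usual way a feed scraper silently drops indicators. The script below is an added example (not ArcOSI/Bad Harvest code and not from the page) of the extraction step for a plain-text feed: it validates IPv4 candidates with the `ipaddress` module instead of trusting the regex, checks a hostname's last label against a TLD set rather than hard-coding TLDs into the pattern, and de-duplicates. The feed text, the `KNOWN_TLDS` set and the `fetch_feed` helper are assumptions made for this example; the sample data is constructed from RFC 5737 addresses and example.* names, not a real download.

```python
import ipaddress
import re
import urllib.request

# Constructed sample in the style of a plain-text blocklist. Made-up data
# (RFC 5737 documentation addresses, example.* names), not a real feed.
SAMPLE_FEED = """\
# constructed blocklist -- one indicator pair per line, '#' lines are comments
# ip            domain                  note
203.0.113.45    bad.example.co.uk       trojan dropper
198.51.100.7    malware.example.net     exploit kit landing
256.1.2.3       notanip.example.org     bogus IPv4 octet, domain still valid
192.0.2.10      updates.example.museum  TLD longer than four letters
192.0.2.10      updates.example.museum  exact duplicate of the line above
192.0.2.99      tracker.example.xyz     TLD missing from the short list below
"""

# Assumed, deliberately short TLD set so the example runs offline. A production
# script should load the full IANA TLD list (or the public suffix list) from disk;
# hard-coding a handful of TLDs is exactly how a scraper loses indicators.
KNOWN_TLDS = {"com", "net", "org", "uk", "co", "museum", "info"}

# Dotted quad not embedded in a longer dotted token; validity is checked later.
IPV4_RE = re.compile(r"(?<![\d.])(\d{1,3}(?:\.\d{1,3}){3})(?![\d.])")
# Hostname-shaped token: dot-separated labels, final label alphabetic (2-63 chars).
DOMAIN_RE = re.compile(
    r"\b((?:[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z]{2,63})\b", re.I
)


def extract_indicators(text, tlds=KNOWN_TLDS):
    """Return (ips, domains) found in feed text, validated and de-duplicated."""
    ips, domains = set(), set()
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        for m in IPV4_RE.finditer(line):
            try:
                ips.add(str(ipaddress.IPv4Address(m.group(1))))
            except ValueError:  # e.g. an octet above 255
                continue
        for m in DOMAIN_RE.finditer(line):
            name = m.group(1).lower()
            # Keep only names whose last label is a TLD we know about.
            if name.rsplit(".", 1)[-1] in tlds:
                domains.add(name)
    return sorted(ips, key=ipaddress.IPv4Address), sorted(domains)


def fetch_feed(url, timeout=15, max_bytes=10 * 1024 * 1024):
    """Download a plain-text feed with a timeout and a size cap (network use only)."""
    req = urllib.request.Request(url, headers={"User-Agent": "ioc-scraper-example/1.0"})
    with urllib.request.urlopen(req, timeout=timeout) as resp:
        return resp.read(max_bytes).decode("utf-8", errors="replace")


if __name__ == "__main__":
    found_ips, found_domains = extract_indicators(SAMPLE_FEED)
    print("ips:", found_ips)
    print("domains:", found_domains)
```

Run it as-is to see the constructed sample processed offline; swap `SAMPLE_FEED` for `fetch_feed(url)` to run it against a live source. Passing a larger `tlds` set is the fix for the "missing TLDs" problem: with the short set above, `tracker.example.xyz` is dropped, with `xyz` added it is kept.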
New Member.

You could also try Enigma:

https://enigmaindicators.codeplex.com/

New Member.

I also have a list of free malicious content to add to your own script if you want it.

I'll check on Monday to share.

Micro Focus Expert

Over here on Protect724

I wrote a simple, short Python script to retrieve a fresh list of Tor exit nodes and format it as CSV in preparation for Logger import as a Static Correlation Table, available via the Lookup command.

Keep this script handy... you might want to update the Logger lookup tables on a regular basis... stay tuned...

Micro Focus Expert

And yes, with Logger 6.1 you can now update Lookup files on disk underneath Logger and schedule Logger to look at the file for changes. If the file was changed, the new file will be loaded.

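The two posts above describe the Tor exit node script and the Logger 6.1 behaviour of re-reading a lookup file on disk when it changes. The script below is an added example written for this thread, not the poster's script and not Micro Focus code. It parses the record format used by the Tor Project's bulk exit list (`ExitNode`/`Published`/`LastStatus`/`ExitAddress` lines), keeps one row per valid exit IP, renders CSV with a header row, and writes the file atomically so a Logger polling the file never loads a half-written table. The URL, the column names and the `--fetch` flag are assumptions; the sample list is constructed from RFC 5737 addresses and zero-padded fingerprints, not a real download.

```python
import csv
import io
import ipaddress
import os
import sys
import urllib.request

# Assumed URL of the Tor Project's bulk exit list (plain text records).
TOR_EXIT_LIST_URL = "https://check.torproject.org/exit-addresses"

# Constructed sample in that record format. Fingerprints and addresses are
# made up (RFC 5737 documentation ranges); not a real download.
SAMPLE_EXIT_LIST = """\
ExitNode 0000000000000000000000000000000000000001
Published 2024-05-01 10:00:00
LastStatus 2024-05-01 11:00:00
ExitAddress 198.51.100.23 2024-05-01 11:05:00
ExitNode 0000000000000000000000000000000000000002
Published 2024-05-01 09:30:00
LastStatus 2024-05-01 11:00:00
ExitAddress 203.0.113.7 2024-05-01 11:02:00
ExitAddress 203.0.113.8 2024-05-01 11:04:00
ExitNode 0000000000000000000000000000000000000003
Published 2024-05-01 09:00:00
LastStatus 2024-05-01 10:00:00
ExitAddress 999.1.1.1 2024-05-01 10:01:00
"""

# Assumed column layout for the lookup table (key column first).
CSV_COLUMNS = ["ip", "fingerprint", "last_seen"]


def parse_exit_list(text):
    """Parse exit-list records into one row per unique, valid exit IP.

    An ExitNode line opens a record; it is followed by Published, LastStatus
    and one or more ExitAddress lines. Malformed IPs are dropped rather than
    written into a lookup table where they could never match an event.
    """
    rows, seen = [], set()
    fingerprint = None
    for raw in text.splitlines():
        parts = raw.split()
        if not parts:
            continue
        key = parts[0]
        if key == "ExitNode" and len(parts) == 2:
            fingerprint = parts[1].upper()
        elif key == "ExitAddress" and len(parts) >= 2 and fingerprint:
            try:
                ip = str(ipaddress.IPv4Address(parts[1]))
            except ValueError:
                continue
            if ip in seen:
                continue
            seen.add(ip)
            last_seen = " ".join(parts[2:4]) if len(parts) >= 4 else ""
            rows.append({"ip": ip, "fingerprint": fingerprint, "last_seen": last_seen})
    return rows


def to_csv(rows):
    """Render rows as CSV with a header line, '\\n' terminated."""
    buf = io.StringIO()
    writer = csv.DictWriter(buf, fieldnames=CSV_COLUMNS, lineterminator="\n")
    writer.writeheader()
    writer.writerows(rows)
    return buf.getvalue()


def write_atomic(path, content):
    """Write via a temp file and rename, so a reader polling the path for
    changes sees either the old table or the complete new one."""
    tmp = path + ".tmp"
    with open(tmp, "w", encoding="utf-8", newline="") as fh:
        fh.write(content)
    os.replace(tmp, path)


def fetch_exit_list(url=TOR_EXIT_LIST_URL, timeout=15):
    """Download the live list (network use only)."""
    req = urllib.request.Request(url, headers={"User-Agent": "tor-exit-csv-example/1.0"})
    with urllib.request.urlopen(req, timeout=timeout) as resp:
        return resp.read().decode("utf-8", errors="replace")


if __name__ == "__main__":
    # Usage: tor_exit_csv.py [--fetch] [output.csv]; without --fetch the sample is used.
    args = [a for a in sys.argv[1:] if a != "--fetch"]
    text = fetch_exit_list() if "--fetch" in sys.argv else SAMPLE_EXIT_LIST
    output = to_csv(parse_exit_list(text))
    if args:
        write_atomic(args[0], output)
    else:
        sys.stdout.write(output)
```

Pointing the output path at the lookup file Logger watches, and running this from cron, is the "update on a regular basis" workflow the post alludes to; the atomic rename matters precisely because Logger reloads on change.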
Honored Contributor.

Hi Danje57!

If you could share the script you mentioned, it would be a nice gesture.

Best regards,

Absent Member.

I got the script working, and I can verify that the traffic is hitting the Soft Connector with a UDP Syslog connector installed; however, the events are not processed/forwarded along. Is there a setting on the connector that I need to fix?

Thanks!

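The last post above reports datagrams reaching a UDP Syslog connector without events being produced. One thing worth checking in that situation is the payload itself: a syslog connector only produces events from a frame it can parse, and for ArcSight the usual payload is CEF. The code below is an added example, not the script from this thread and not vendor code, showing a well-formed `CEF:0` line with correct header and extension escaping, wrapped in a BSD-style syslog frame and sent over UDP. The vendor/product names, the `ioc-ip`/`ioc-domain` event classes, the `cs1`/`cs1Label` use for the feed name, the hostname and the destination port are all assumptions for the example.

```python
import datetime
import socket

# Assumed identifiers for the CEF header; a real script would use its own.
CEF_VENDOR, CEF_PRODUCT, CEF_VERSION = "ExampleCo", "ioc-feed-scraper", "1.0"


def escape_header(value):
    """CEF header fields: backslash and pipe must be escaped, backslash first."""
    return str(value).replace("\\", "\\\\").replace("|", "\\|")


def escape_extension(value):
    """CEF extension values: backslash and '=' escaped, newlines encoded as \\n."""
    return (str(value).replace("\\", "\\\\").replace("=", "\\=")
            .replace("\r\n", "\\n").replace("\n", "\\n").replace("\r", "\\n"))


def build_cef(indicator, kind, source, severity=5):
    """Build one CEF:0 event for an indicator; kind is 'ip' or 'domain'.

    Header: CEF:0|Vendor|Product|Version|SignatureID|Name|Severity|
    Extension: space-separated key=value pairs using standard CEF keys
    (dst for an address, dhost for a hostname, cs1/cs1Label for a custom string).
    """
    if kind == "ip":
        ext = {"dst": indicator}
    elif kind == "domain":
        ext = {"dhost": indicator}
    else:
        raise ValueError("kind must be 'ip' or 'domain'")
    ext["cs1Label"] = "feedSource"
    ext["cs1"] = source
    header = "|".join(escape_header(f) for f in (
        CEF_VENDOR, CEF_PRODUCT, CEF_VERSION,
        f"ioc-{kind}", f"Malicious {kind} indicator", str(int(severity)),
    ))
    extension = " ".join(f"{k}={escape_extension(v)}" for k, v in ext.items())
    return f"CEF:0|{header}|{extension}"


def syslog_frame(cef, hostname="ioc-scraper", facility=1, severity=6, now=None):
    """Wrap the CEF line in a BSD (RFC 3164 style) syslog line.

    PRI is facility*8 + severity; facility 1 / severity 6 is user.info (<14>).
    The timestamp is 'Mmm dd HH:MM:SS' with a space-padded day.
    """
    now = now or datetime.datetime.now()
    ts = now.strftime("%b ") + f"{now.day:2d}" + now.strftime(" %H:%M:%S")
    return f"<{facility * 8 + severity}>{ts} {hostname} {cef}"


def send_udp(lines, host="127.0.0.1", port=514):
    """Send each line as one UDP datagram and return the count sent.

    UDP syslog is fire-and-forget: a successful sendto() only proves the
    datagram left this host. Confirm receipt in the connector's own logs.
    """
    lines = list(lines)
    sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    try:
        for line in lines:
            sock.sendto(line.encode("utf-8"), (host, port))
    finally:
        sock.close()
    return len(lines)


if __name__ == "__main__":
    # Constructed indicators, not real data.
    events = [
        syslog_frame(build_cef("203.0.113.45", "ip", "constructed feed")),
        syslog_frame(build_cef("bad.example.net", "domain", "constructed feed")),
    ]
    for e in events:
        print(e)
    # Uncomment to actually transmit to a connector listening on UDP/514:
    # send_udp(events, host="connector.example.internal", port=514)
```

Printing the frames before sending them is the cheap sanity check: if the line does not start with `CEF:0|` and carry exactly seven pipe-delimited header fields with the escaping shown, the connector's parser will not turn it into an event.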
The opinions expressed above are the personal opinions of the authors, not of Micro Focus. By using this site, you accept the Terms of Use and Rules of Participation. Certain versions of content ("Material") accessible here may contain branding from Hewlett-Packard Company (now HP Inc.) and Hewlett Packard Enterprise Company. As of September 1, 2017, the Material is now offered by Micro Focus, a separately owned and operated company. Any reference to the HP and Hewlett Packard Enterprise/HPE marks is historical in nature, and the HP and Hewlett Packard Enterprise/HPE marks are the property of their respective owners.