...

Bogon
Bogons are commonly found as the source addresses of DDoS attacks. “Bogon” is an informal name for an IP packet on the public Internet that claims to come from address space that is either reserved for private or special use, or not yet allocated or delegated by the Internet Assigned Numbers Authority (IANA) or a delegated Regional Internet Registry (RIR). The unallocated and reserved ranges are collectively called “bogon space”. Many ISPs and end-user firewalls filter and block bogons, because they have no legitimate use on the public Internet and are usually the result of accidental misconfiguration or deliberate source-address spoofing. Because IANA and the RIRs allocate previously unallocated space over time, a bogon filter must be refreshed regularly or it will eventually block legitimate traffic.
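The following is an added example of a bogon source-address filter, written for this page; it is not feed code or Infoblox code. The prefix list is a constructed sample of RFC 1918 private space and a few RFC 6890 special-purpose blocks, standing in for a real bogon feed, and the flow records are constructed, not captured traffic. It only handles IPv4; a production filter would load the current feed and include IPv6 bogon space.

```python
"""Bogon source-address filter (added example, not the feed's own code)."""
import ipaddress
from typing import Iterable, List, Tuple

# Constructed sample standing in for a bogon feed: RFC 1918 private space plus
# a handful of special-purpose blocks. A real feed also carries the unallocated
# space, which shrinks over time, so the list must be refreshed, not hard-coded.
SAMPLE_BOGON_PREFIXES = [
    "0.0.0.0/8", "10.0.0.0/8", "100.64.0.0/10", "127.0.0.0/8",
    "169.254.0.0/16", "172.16.0.0/12", "192.0.0.0/24", "192.0.2.0/24",
    "192.168.0.0/16", "198.18.0.0/15", "198.51.100.0/24", "203.0.113.0/24",
    "224.0.0.0/4", "240.0.0.0/4",
]

# Constructed flow records (src, dst, bytes); the destination is our own
# public address and is not checked, only the claimed source is.
SAMPLE_FLOWS: List[Tuple[str, str, int]] = [
    ("203.0.113.7", "198.51.100.10", 1200),  # documentation range: bogon
    ("8.8.8.8", "198.51.100.10", 800),       # allocated space: passes
    ("10.1.2.3", "198.51.100.10", 64),       # RFC 1918 on the edge: bogon
    ("1.1.1.1", "198.51.100.10", 500),       # allocated space: passes
]


def load_bogons(prefixes: Iterable[str]) -> List[ipaddress.IPv4Network]:
    """Parse the prefix list and merge adjacent/overlapping blocks."""
    nets = [ipaddress.ip_network(p, strict=False) for p in prefixes]
    return list(ipaddress.collapse_addresses(nets))


def is_bogon(ip: str, bogons: List[ipaddress.IPv4Network]) -> bool:
    """True if the address falls inside any bogon prefix.

    An IPv6 address is never 'in' an IPv4 network, so it simply returns False
    here; IPv6 bogon space is out of scope for this sample.
    """
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in bogons)


def filter_flows(flows, bogons):
    """Split flows into (passed, dropped) by their claimed source address."""
    passed, dropped = [], []
    for flow in flows:
        (dropped if is_bogon(flow[0], bogons) else passed).append(flow)
    return passed, dropped


if __name__ == "__main__":
    table = load_bogons(SAMPLE_BOGON_PREFIXES)
    ok, bad = filter_flows(SAMPLE_FLOWS, table)
    for src, dst, size in bad:
        print(f"DROP bogon source {src} -> {dst} ({size} bytes)")
    print(f"{len(ok)} flows passed, {len(bad)} dropped")
```

The check is applied to the source address only: a bogon destination is a routing problem, whereas a bogon source on an Internet-facing interface can only be spoofed or misconfigured traffic, which is why edge filters drop it outright.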

Bot_IP
Enables protection against self-propagating malware designed to infect a host and connect back to a central server or servers that act as a command and control (C&C) center for an entire network of compromised devices, or “botnet.” With a botnet, attackers can launch broad-based, “remote-control,” flood-type attacks against their target(s). Bots can also log keystrokes, gather passwords, capture and analyze packets, gather financial information, launch DoS attacks, relay spam, and open back doors on the infected host.

Cryptocurrency
The use and mining of cryptocurrency is not inherently benign or malicious, and it is not used exclusively by either threat actors or general users. However, over the last several years it has increasingly been used for illegal and/or fraudulent activities such as human trafficking, black market sales and purchases, and ransomware payments. Cryptocurrency mining can impair system performance and expose end users and businesses to information theft, hijacking, and a plethora of other malware. This feed features indicators of activity which may indicate malicious or unauthorized use of resources, including: Coinhive, which can be embedded into a site owner’s web pages to mine cryptocurrency with the visitor’s permission as an alternative to web banner advertising; cryptojacking, where malicious actors use in-browser mining without the victim’s consent; and cryptocurrency mining pools working together to mine cryptocurrency.

...

SURBL_Multi_Lite
Designed to fit on appliances with limitations on the number of threat intelligence entries that can be loaded, SURBL Multi Lite is a subset of the threat intelligence entries in the SURBL Multi threat feed. SURBL Multi Lite is narrowed down to concise and targeted threat intelligence focusing only on the most current and fully malicious sites. The combined set includes malware, phishing and botnet activity.

Spambot_DNSBL_IP
In DNSBL format, this feed contains IPs of known spam servers. It enables protection against a computer or bot node that is part of a botnet and has been seen sending spam. Listed IPs also frequently carry a poor or negative reputation. It is recommended to run the feed in ‘logging’ mode before blocking, to see what would have been blocked. The feed can be used to help block incoming spam or potentially malicious email from known spam sources by feeding it into your email platform or appliance. Please note that the Spambot_DNSBL_IP feed contains the same data as the Spambot IP feed above, but is formatted differently for RPZ zone file use.
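The following is an added example, not the feed's own code, showing the two formats the entry refers to: the DNSBL lookup name for an IP (reversed octets under the list zone, with a 127.0.0.0/8 answer meaning “listed”, per RFC 5782) and the BIND-style RPZ `rpz-ip` trigger for the same address. The zone name `dnsbl.example`, the zone contents and the listed IPs are constructed; the DNS lookup is simulated against that in-memory data so the block runs offline.

```python
"""DNSBL lookup names and RPZ ip triggers (added example, not feed code)."""
import ipaddress
from typing import Dict, List, Optional

# Constructed DNSBL zone: query name -> A records. 127.0.0.2 is the usual
# "listed" answer; anything outside 127.0.0.0/8 is not a listing (RFC 5782).
SAMPLE_ZONE: Dict[str, List[str]] = {
    "10.2.0.192.dnsbl.example.": ["127.0.0.2"],
    "20.2.0.192.dnsbl.example.": ["127.0.0.2", "127.0.0.4"],
    "2.0.0.127.dnsbl.example.": ["127.0.0.2"],  # RFC 5782 test entry
    "30.2.0.192.dnsbl.example.": ["10.9.9.9"],  # bogus answer, not a listing
}


def dnsbl_query_name(ip: str, zone: str) -> str:
    """Build the DNSBL lookup name: 192.0.2.10 -> 10.2.0.192.<zone>."""
    addr = ipaddress.ip_address(ip)
    if addr.version == 4:
        labels = str(addr).split(".")[::-1]
    else:
        # IPv6 lists use the 32 hex nibbles in reverse order (RFC 5782).
        labels = list(addr.exploded.replace(":", ""))[::-1]
    return ".".join(labels) + "." + zone.rstrip(".") + "."


def lookup_a(name: str, zone_data: Dict[str, List[str]]) -> Optional[List[str]]:
    """Simulated resolver: returns A records, or None for NXDOMAIN."""
    return zone_data.get(name)


def is_listed(ip: str, zone: str, zone_data: Dict[str, List[str]]) -> bool:
    """An IP is listed only if the answer exists and lies in 127.0.0.0/8."""
    answers = lookup_a(dnsbl_query_name(ip, zone), zone_data)
    if not answers:
        return False
    loopback = ipaddress.ip_network("127.0.0.0/8")
    return all(ipaddress.ip_address(a) in loopback for a in answers)


def rpz_ip_trigger(cidr: str) -> str:
    """BIND RPZ ip trigger: <prefixlen>.<reversed octets>.rpz-ip (IPv4 only)."""
    net = ipaddress.ip_network(cidr, strict=False)
    if net.version != 4:
        raise ValueError("IPv6 rpz-ip encoding is out of scope for this sample")
    rev = str(net.network_address).split(".")[::-1]
    return f"{net.prefixlen}." + ".".join(rev) + ".rpz-ip"


def rpz_zone_lines(ips: List[str]) -> List[str]:
    """Render one NXDOMAIN (CNAME .) record per listed IP for an RPZ zone file."""
    return [f"{rpz_ip_trigger(ip + '/32')} CNAME ." for ip in ips]


if __name__ == "__main__":
    for ip in ("192.0.2.10", "192.0.2.11", "192.0.2.30"):
        print(ip, "listed" if is_listed(ip, "dnsbl.example", SAMPLE_ZONE) else "clean")
    print("\n".join(rpz_zone_lines(["192.0.2.10", "192.0.2.20"])))
```

Note the difference in what each format triggers on: the DNSBL name is queried by a mail server for the connecting client's IP, whereas an `rpz-ip` trigger matches addresses that appear in DNS answers, so the RPZ form blocks names that resolve to a listed spam server rather than the SMTP connection itself. Both the RPZ record action (`CNAME .` for NXDOMAIN) and the exact trigger encoding are assumptions about how the feed is consumed; check them against your resolver's RPZ documentation.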

Suspicious_Domains
The Suspicious_Domains feed enables protection against hostnames that have not been directly linked to malicious behavior but behave in a manner that suggests malicious behavior may be imminent.

...