A repository of IoC lists to use for threat hunting queries.

| File | Source | Last updated | Comment |
|---|---|---|---|
| netcraft-tlds | Cybercrime on Top Level Domains | 14/04/2024 | Top 20 TLDs selected based on incidents-to-sites ratio |
| phishing-keywords | PwC-IR Business Email Compromise Guide, The top phishing keywords in the last 10k+ malicious emails we investigated | 04/10/2023 | Phishing subject keywords |
| rmm-software | Detecting RMM tools using Microsoft Defender for Endpoint | 25/11/2023 | DeviceProcessEvents artifacts for RMM tools hunting |
| spamhaus-abused-tlds | The 10 Most Abused Top Level Domains | 14/04/2024 | TLDs with the worst reputations for spam operations |
| crowdstrike-phishing-domains | Don't Fall for It: Hackers Pounce on CrowdStrike Outage With Phishing Emails, Phishers Feast on CrowdStrike Chaos: Exploiting Global Outage for Cyber Scams, Suspicious Domains Exploiting the Recent CrowdStrike Outage! | 20/07/2024 | Domains possibly associated with CrowdStrike phishing |