This repository contains lists of threat intelligence discovered by the CRU using our internal sandbox built on top of the Perch platform or found while threat hunting. The CRU has been collecting this threat intelligence for years and using it internally at ConnectWise to assist with threat hunting and threat analysis. We use this intelligence daily, searching for these indicators in our customers' network data to find new threats and filter out false positives. This feed is updated daily.
We see thousands of Mozi bots attempting to spread on a monthly basis. The Mozi tracker is a CSV of all the Mozi URLs we've seen actively in use in the past 14 days.
This is a list of domain names that malware samples attempted to connect to when run through the CRU internal sandbox.
This is a list of IP addresses that malware samples attempted to connect to when run through the CRU internal sandbox.
Suricata rules created by the CRU (mostly Stu).