FreeTAXII - A TAXII 2 Server

 

Collection Service

Path: /osint/collections/2d4f44e6-974b-4d0b-982c-ef9f98ddd176/
Objects URL: /osint/collections/2d4f44e6-974b-4d0b-982c-ef9f98ddd176/objects/


ID: 2d4f44e6-974b-4d0b-982c-ef9f98ddd176
Title: Feodo IP Blocklist
Description: The Feodo Tracker Feodo IP Blocklist contains IP addresses (IPv4) used as C&C communication channel by the Feodo Trojan. This lists contains two types of IP address: Feodo C&C servers used by version A, version C and version D of the Feodo Trojan (these IP addresses are usually compromised servers running an nginx daemon on port 8080 TCP or 7779 TCP that is acting as proxy, forwarding all traffic to a tier 2 proxy node) and Feodo C&C servers used by version B which are usually used for the exclusive purpose of hosting a Feodo C&C server. Attention: Since Feodo C&C servers associated with version A, version C, version D and version E are usually hosted on compromised servers, its likely that you also block/drop legit traffic e.g. towards websites hosted on a certain IP address acting as Feodo C&C for version A, version C and version D. If you only want to block/drop traffic to Feodo C&C servers hosted on bad IPs (version B), please use the blocklist BadIPs documented below.
Can Read: true
Can Write: false
Media Types: application/stix+json;version=2.1

 


Copyright 2017 - Bret Jordan