Enrichment Data: Keeping it Fresh
Sept. 9, 2024, 7:50 a.m.
Description
The article discusses the importance of keeping enrichment data up to date when analyzing honeypot attacks. Sources such as Internet Storm Center, URLhaus, SPUR, and VirusTotal are used to enrich data collected from honeypots. The author examines how frequently this data changes and how accurate it remains over time. VirusTotal data shows that it can take months for a given file hash to see a significant increase in malicious hits. URLhaus data demonstrates how quickly the number of reported URLs for an IP address can change. SPUR data, which provides WHOIS information, shows that while most IP addresses keep consistent information, some experience frequent changes in organization or location details. The article emphasizes the need for regular updates and for multiple enrichment data sources for accurate threat analysis.
Date
Published: Sept. 9, 2024, 7:38 a.m.
Created: Sept. 9, 2024, 7:38 a.m.
Modified: Sept. 9, 2024, 7:50 a.m.
Indicators
306f0c79ad9ee76e996556f909306fda5704b456d670aa9daeb54760b4b5e4f6
47b268c21591069bfe4099833ad66b8138a53ab2dcb866e040d466aee1f8624c
062ba629c7b2b914b289c8da0573c179fe86f2cb1f70a31f9a1400d563c3042a
193.42.33.81
179.43.175.5
Attack Patterns
T1596
T1583
T1590
T1036
T1592
T1027