Project

General

Profile

Actions

Bug #4669

open

threatexpert usage in reference.config

Added by Brandon Murphy over 3 years ago. Updated 6 months ago.

Status:
New
Priority:
Low
Assignee:
Target version:
Affected Versions:
Effort:
Difficulty:
Label:

Description

threatexpert.com is no longer resolving. Quick look at passive dns data shows this stopped on or around 2020-03-13.

there are currently two usages of threatexpert.com in the reference.config

config reference: threatexpert http://www.threatexpert.com/report.aspx?md5=
config reference: md5        http://www.threatexpert.com/report.aspx?md5=

WRT the "threatexpert" reference type, I'm not too sure how to handle the "threatexpert" reference type, given it's possible to be used in current rules, and removing it from the reference.config would render those rules invalid.
It would appear the ETPRO ruleset does not contain any references to the "threatexpert" reference type.

WRT md5 reference type, I imagine this could be changed to either virustotal (https://www.virustotal.com/gui/search/) or malware bazaar (https://bazaar.abuse.ch/browse.php?search=md5%3A)

Actions #1

Updated by Victor Julien over 2 years ago

Maybe we should setup a simple landing page that explains the issue and offers some alternative links?

Actions #2

Updated by Philippe Antoine 6 months ago

  • Target version set to TBD

@Jeff Lucovsky did you take a stab at this recently ?

Actions #3

Updated by Philippe Antoine 6 months ago

  • Assignee set to Jeff Lucovsky
Actions

Also available in: Atom PDF