Bug #4669
openthreatexpert usage in reference.config
Description
threatexpert.com is no longer resolving. Quick look at passive dns data shows this stopped on or around 2020-03-13.
there are currently two usages of threatexpert.com in the reference.config
config reference: threatexpert http://www.threatexpert.com/report.aspx?md5= config reference: md5 http://www.threatexpert.com/report.aspx?md5=
WRT the "threatexpert" reference type, I'm not too sure how to handle the "threatexpert" reference type, given it's possible to be used in current rules, and removing it from the reference.config would render those rules invalid.
It would appear the ETPRO ruleset does not contain any references to the "threatexpert" reference type.
WRT md5 reference type, I imagine this could be changed to either virustotal (https://www.virustotal.com/gui/search/) or malware bazaar (https://bazaar.abuse.ch/browse.php?search=md5%3A)
Updated by Victor Julien over 2 years ago
Maybe we should setup a simple landing page that explains the issue and offers some alternative links?
Updated by Philippe Antoine 6 months ago
- Target version set to TBD
@Jeff Lucovsky did you take a stab at this recently ?