Project

General

Profile

Actions

Bug #4669

open

threatexpert usage in reference.config

Added by Brandon Murphy about 3 years ago. Updated 5 months ago.

Status:
New
Priority:
Low
Assignee:
Target version:
Affected Versions:
Effort:
Difficulty:
Label:

Description

threatexpert.com is no longer resolving. Quick look at passive dns data shows this stopped on or around 2020-03-13.

there are currently two usages of threatexpert.com in the reference.config

config reference: threatexpert http://www.threatexpert.com/report.aspx?md5=
config reference: md5        http://www.threatexpert.com/report.aspx?md5=

WRT the "threatexpert" reference type, I'm not too sure how to handle the "threatexpert" reference type, given it's possible to be used in current rules, and removing it from the reference.config would render those rules invalid.
It would appear the ETPRO ruleset does not contain any references to the "threatexpert" reference type.

WRT md5 reference type, I imagine this could be changed to either virustotal (https://www.virustotal.com/gui/search/) or malware bazaar (https://bazaar.abuse.ch/browse.php?search=md5%3A)

Actions

Also available in: Atom PDF