Bug #4669
openthreatexpert usage in reference.config
Description
threatexpert.com is no longer resolving. Quick look at passive DNS data shows this stopped on or around 2020-03-13.
There are currently two usages of threatexpert.com in the reference.config:
config reference: threatexpert http://www.threatexpert.com/report.aspx?md5=
config reference: md5 http://www.threatexpert.com/report.aspx?md5=
WRT the "threatexpert" reference type, I'm not too sure how to handle the "threatexpert" reference type, given it's possible to be used in current rules, and removing it from the reference.config would render those rules invalid.
It would appear the ETPRO ruleset does not contain any references to the "threatexpert" reference type.
WRT the md5 reference type, I imagine this could be changed to either VirusTotal (https://www.virustotal.com/gui/search/) or MalwareBazaar (https://bazaar.abuse.ch/browse.php?search=md5%3A).
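One way to measure the impact described above before editing reference.config, as an added example that is not part of the original report or of the project's code: it lists which rules use a reference type missing from the config and which use a type whose link prefix points at a dead host. The function names, sample rules, SIDs and placeholder hashes are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlparse

# Constructed sample input: the two entries quoted in the report, plus a url type.
SAMPLE_CONFIG = """\
config reference: threatexpert http://www.threatexpert.com/report.aspx?md5=
config reference: md5 http://www.threatexpert.com/report.aspx?md5=
config reference: url http://
"""
# Constructed rules, not taken from any real ruleset; hashes and SIDs are placeholders.
SAMPLE_RULES = """\
alert http any any -> any any (msg:"constructed A"; reference:threatexpert,00000000000000000000000000000000; sid:1000001; rev:1;)
alert http any any -> any any (msg:"constructed B"; reference:md5,00000000000000000000000000000000; reference:url,example.com/writeup; sid:1000002; rev:1;)
"""
DEAD_HOSTS = {"www.threatexpert.com"}  # host the report says no longer resolves

CONFIG_RE = re.compile(r"^\s*config\s+reference:\s*(\S+)\s+(\S+)")
RULE_REF_RE = re.compile(r"\breference\s*:\s*([^,;\s]+)\s*,\s*([^;]+);")
SID_RE = re.compile(r"\bsid\s*:\s*(\d+)\s*;")

def parse_reference_config(text):
    """Map each reference type in reference.config to its URL prefix."""
    types = {}
    for line in text.splitlines():
        m = CONFIG_RE.match(line)
        if m:
            types[m.group(1)] = m.group(2)
    return types

def audit_rules(rules_text, ref_types, dead_hosts):
    """Return (undefined, dead), each a list of (sid, type, value) tuples."""
    undefined, dead = [], []
    for line in rules_text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue  # skip blanks and commented-out rules
        sid_m = SID_RE.search(line)
        sid = int(sid_m.group(1)) if sid_m else None
        for rtype, value in RULE_REF_RE.findall(line):
            hit = (sid, rtype, value.strip())
            prefix = ref_types.get(rtype)
            if prefix is None:
                undefined.append(hit)  # type absent from reference.config
            elif urlparse(prefix).hostname in dead_hosts:
                dead.append(hit)  # type defined, but its link target is gone
    return undefined, dead

if __name__ == "__main__":
    print(audit_rules(SAMPLE_RULES, parse_reference_config(SAMPLE_CONFIG), DEAD_HOSTS))
```

Running it against a copy of reference.config with the threatexpert line removed moves the affected rules from the second list to the first, which shows the set of rules that change would touch.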
Updated by Victor Julien over 2 years ago
Maybe we should set up a simple landing page that explains the issue and offers some alternative links?
Updated by Philippe Antoine 5 months ago
- Target version set to TBD
@Jeff Lucovsky did you take a stab at this recently?