Included as part of your AUSCERT Membership, our Threat Intelligence Service includes collecting, analysing and interpreting information from various sources to gain insights into the Tactics, Techniques, and Procedures (TTPs) employed by threat actors. As a not for profit with over thirty years experience we acquire threat indicators from trusted communities and organisations globally. By leveraging this intelligence, organisations can strengthen their security posture, enhance their threat detection capabilities, and respond effectively to cyber threats, subsequently reducing the risk of successful attacks and minimising the potential impact on their systems and data.
The AUSCERT Daily Intelligence Report (ADIR) is a daily summary of cyber security news curated by our analysts from multiple reliable sources that enables you to stay up to date with current news and alerts. Each Friday we issue a “Week in Review” (WIR) summary with AUSCERT announcements, essential security bulletins, and key news articles from the week.
Sensitive Information Alerts notify members when our analyst team identifies leaked credentials or other sensitive material related to their organisation. These alerts are delivered via email and include an encrypted file containing the relevant data for your internal review and action. The alerts typically involve compromised credentials, such as usernames in the form of email addresses and associated authentication strings (hash or passwords). The AUSCERT team monitors a wide range of sources, including the dark web, ransomware leak sites, international CERTs, and trusted partners. Alerts are generated based on domains registered to your organisation, as nominated and verified through your membership account.
Members who opt into AusMISP will be given access to our MISP instance, which is a shared feed of curated threat intelligence acquired from trusted communities and organisations. It includes AUSCERT’s examination of captured malware and other threat samples, as well as dependable third-party sources and members including the ACSC CTIS (Cyber Threat Intelligence Sharing) data.
Utilise the provided threat indicators to enhance your network security by integrating them into defensive controls like SIEMs, firewalls, IDS/IPS, ACLs, web proxies, and mail filters.
AusMISP serves as a tactical threat intelligence tool, empowering you to obtain and share timely cyber security-related data from other members and AUSCERTS community.
This includes a comprehensive database that stores both technical and non- technical information about malware, incidents, attackers, and intelligence, such as:
AusMISP can help you identify relationships between attributes and indicators from malware, previous attack campaigns, or analysis through its correlation engine. This aids in connecting campaigns and understanding the techniques used in incidents.
The AUSCERT Malicious URL Feed is a live feed and content is frequently added and removed based upon ongoing AUSCERT analysis and intelligence. It can be added to your firewall’s blocklist, web proxy, content filters, IDS/IPS, and SIEM, to prevent or detect compromises to your network. AUSCERT encounters numerous phishing and malware attacks which are analysed and curated into this Australian-based feed.
It is available for two different time periods:
It’s an all-inclusive feed, for Phishing and Malware in both txt and xml formats.