Threat Intelligence is knowledge and information about potential or known cyber threats which pose risks to an organisation’s data, systems, and networks.

This includes collecting, analysing, and interpreting information from various sources to gain insights into the Tactics, Techniques, and Procedures (TTPs) employed by threat actors.

By leveraging this intelligence, organisations can strengthen their security posture, enhance their threat detection capabilities, and respond effectively to cyber threats, subsequently reducing the risk of successful attacks and minimising the potential impact on their systems and data.

Includes

  • AusMISP
  • Malicious URL Feed
  • Sensitive Information Alert
  • AUSCERT Daily Intelligence Report (ADIR)

How we can help

  • The AUSCERT MISP service provides members with threat indicators acquired from trusted communities and organisations. It includes AUSCERT’s examination of captured malware and other threat samples, as well as dependable third-party sources and members.
  • AusMISP serves as a tactical threat intelligence tool, empowering you to obtain and share timely cyber threat intelligence, including indicators of compromise, attack patterns, and other cyber security-related data. This collaborative intelligence enhances your cyber security posture and helps members better defend against cyber threats and attacks.
  • The AUSCERT Malicious URL Feed can be added to your firewall’s blocklist, web proxy, content filters, IDS/IPS, and SIEM, to prevent or detect compromises to your network. AUSCERT encounters numerous phishing and malware attacks which are analysed and curated into this Australian-based feed.
  • Daily and weekly intelligence reports are available from AUSCERT based on the latest verified cyber security news.
  • Sensitive Information Alerts notify you by email when our analyst team finds sensitive material online that specifically targets your organisation. The sensitive material typically consists of leaked credentials, such as a username in the form of an email address and an authentication string (hash or password). We process data from a variety of sources including the dark web, ransomware leak sites, international CERTs, and our trusted partners. These alerts are based on the domains registered to your organisation, which are nominated and verified on your membership account.

What's included?

ADIR

The AUSCERT Daily Intelligence Report is a daily summary of cyber security news curated by our analysts from multiple reliable sources that enables you to stay up to date with current news and alerts. Each Friday we issue a “Week in Review” (WIR) summary with AUSCERT announcements, essential security bulletins, and key news articles from the week.

Sensitive Information Alert

Members are issued with a Sensitive Information Alert if leaked credentials or sensitive material are found by our analyst team. Sensitive Information Alerts are issued via email and will include an encrypted file containing the data for your organisation to analyse and action.

AusMISP

Members who opt into AusMISP will be given access to our MISP instance, which is a shared feed of curated threat intelligence, including the ACSC CTIS (Cyber Threat Intelligence Sharing) data.

Utilise the provided threat indicators to enhance your network security by integrating them into defensive controls like SIEMs, firewalls, IDS/IPS, ACLs, web proxies, and mail filters.

AusMISP enables the sharing of diverse security-related data from members. This includes a comprehensive database that stores both technical and non-technical information about malware, incidents, attackers, and intelligence, such as:

  • Indicators of Compromise (IOCs)
  • Indicators of Attack (IOAs)
  • Threat actor information
  • Network intrusion data
  • Vulnerabilities
  • Malware characteristics
  • Threat intelligence
  • Phishing data
  • Financial fraud information.

AusMISP can help you identify relationships between attributes and indicators from malware, previous attack campaigns, or analysis through its correlation engine. This aids in connecting campaigns and understanding the techniques used in incidents.

Malicious URL Feed

This is a live feed and content is frequently added and removed based upon ongoing AUSCERT analysis and intelligence. It is available for two different time periods:

  • Previous 24-hour feed
  • Previous 7 days feed

It is an all-inclusive feed covering both phishing and malware, available in txt and xml formats.

Become a member

Join a trusted not-for-profit to receive proactive and reactive advice and solutions to current threats and vulnerabilities.