The Foofus.Net team is an assortment of security professionals and wannabes located somewhere in the Midwestern United States. This site exists to support the various tools and ideas that we’ve made public, along with aiding to fill our DefCon beer fund.

ThreatMiner is designed to be an analyst's first portal to visit when doing threat research and here's why.

Threat intelligence and intrusion analysts who regularly perform research into malware and network infrastructure often find the need to rely on mutliple websites that individually holds a small piece of the larger puzzle.

Furthermore, it is often the case where pivoting directly from an open source research report is unavailable and that it is sometimes difficult to remember if an indicator has alredy been reported and/or attributed. All these small but frustrating obstacles distract an analyst from what they do best: analyse.

This webpage is a free malware analysis service powered by Payload Security that detects and analyzes unknown threats using a unique Hybrid Analysis technology.

Welcome to PunkSPIDER: a global web application vulnerability search engine.
Deeper, faster, harder scans

Having this as hobby project I usually have time to focus on following only single malware threat at a time - now I have main focus on Locky download sites. If I read some interesting whitepaper, I will probably import some links/hashes to tracker database here and there, but in general I do not verirify or follow on those. This site is considered to be mainly research platform and directly using the data for blacklisting is not recommended. At least you should make sure to filter out with some reasonable whitelist. For example if some malware will be connecting to for example 'http://google.com/70.exe?1' (as Teslacrypt did to query connection) or to '//plus.google.com/u/0/115747778649102578052/about' or 'https://twitter.com/linketelin' (as PlugX samples d9af894d51ba61075c7cd329b0be52df, 02a175b81144b8fa22414e9cf281f71c did) then such links can be found in the listings of tracker although I am not saying the sites as such should be blocked.