
World Crime Feeds – OneFirewall WCF
World Crime Feeds (WCF) contains real-time data on cyber-attacks across the globe. WCF is powered by the following four main sources:
1. Cyber-attack feeds from alliance member submissions
2. Open Source Threat Feeds (Emerging threats, AlienVault, etc…)
3. Security Partners and Paid services (Labs, etc…)
4. OneEye Forecast (offered only to enterprise alliance members)
WCF currently indexes 1.5 million IPv4 networks and 600 million single IPv4 addresses (~7% of the total internet).
Because IPs are fluid over time and cyber actors constantly change network and location, OneFirewall developed a proprietary algorithm that reduces the importance of these events as time passes. In the current database, the total number of IPs blocked by OneFirewall Alliance members is ~511k (~0.6% of the total internet is blocked).
List of Cyber Threat Intelligence Connectors with OneFirewall
1. 29 OneFirewall Alliance Members
2. Cyber Threat Alliance – (https://cyberthreatalliance.org/)
3. Machine Learning in partnership with Polytechnic University of Turin (https://www.polito.it/index.php?lang=en)
4. Europe based Telecommunication Company (Security Partner)
5. [confidential] Russian multinational cybersecurity and anti-virus provider (Security Partner)
6. Alienvault/AT&T Cybersecurity – https://cybersecurity.att.com/
7. CIArmy/CINS Score (http://www.ciarmy.com/)
8. Emerging Threats, Compromised IPs – (https://www.proofpoint.com/us)
9. Rutgers Department of Computer Science – (https://resources.cs.rutgers.edu/)
10. Botnet C2 IP Ruleset & SSL BlackList – (https://sslbl.abuse.ch/)
11. GreenSnow – (https://greensnow.co/)
12. FireHOL – (http://iplists.firehol.org/)
13. BAD IPs – (https://www.badips.com/)
14. SANS Internet Storm Center – (https://www.dshield.org/)
15. Blocklist – (http://www.blocklist.de/)
16. Phishtank – (https://phishtank.com/)
17. IP Blacklist – (http://www.darklist.de/)
18. Norwegian UNIX User Group
19. Cybercrime Tracker – (https://cybercrime-tracker.net)
20. Artists Against 419 – (https://db.aa419.org/)
21. ADBlockPlus – (https://adblockplus.org/)
22. Joewein.de LLC (Tokyo, Japan)
23. VX Vault – (http://vxvault.net/)
24. IP Quality Score – (https://www.ipqualityscore.com/)
25. Project HoneyPot – (https://www.projecthoneypot.org)
26. Honey DB – (https://honeydb.io)
27. Abuse IPDB – (https://www.abuseipdb.com/)
28. MalwareDomainList – (http://www.malwaredomainlist.com/)
29. Prof. Charles B. Haley personal feeds
30. StopForumSpam (https://stopforumspam.com/)
31. Malc0de – (http://malc0de.com/)
32. BlockList – (http://www.blocklist.de/en/index.html)
In total, these connectors account for 790 CTI feed sources.
The service is offered via a Red5 subscription and is consumable via an HTTP API. API documentation is available; however, most alliance members are expected to use WCF-Agent to interact with WCF.
For enterprise-subscribed alliance members, OneFirewall offers free-of-charge development of new or custom WCF Agent plugins. More details about the cyber-crime sources are described below.
Value Add
As the core of the OneFirewall Alliance solution, WCF provides a real-time threat intelligence service via API that can prevent cyber actors with malicious intent from accessing the alliance member's technological platform.