IACI-CERT WEB BASED TOOLS

IACI’s web based tools reside in a protected section of the IACI-CERT.

Members can obtain access via username/password or by having IP address(es) whitelisted.
For access to the tools listed below, IACI Members can contact
operations@certifiedisao.org to obtain access.

TOOL: IACINet Metrics
LINK: https://metrics.iacinet.global/tools/iacimets.php
DESCRIPTION: This tool displays various live metrics from the IACINet servers, including:

  • File metrics; various metrics of numbers of files ingested by IACINet servers
  • Hacking alert metrics; numbers of hacking related alerts generated
  • Fraud metrics; numbers of potential stolen credit cards
  • Credential pairs; various metrics of numbers of credential pairs
  • Darkweb sites observed; various metrics on numbers of Darkweb sites observed
  • Encrypted files; various metrics of numbers of encrypted files observed in transit

TOOL: IACINet Pastebin Mirror
LINK: https://metrics.iacinet.global/tools/pasta.php
DESCRIPTION: IACINet maintains a repository of known public paste site posts from sites such as Pastebin (https://www.pastebin.com). A paste or text sharing site is a type of online content hosting service where users can store plain text, such as source code snippets for code review, via a variety of methods. Pastebin.com is one of the most popular paste sites. Many cyber criminals use Pastebin to publish their manifestos or copies of their exploits. Public pastes are often removed for a variety of reasons. IACINet has attempted to create a copy of every paste made since the beginning of 2019, even if the original on Pastebin.com is no longer accessible. If a user needs to find a particular paste page that is no longer online, the user only needs to enter the Pastebin key of the paste to be acquired. For instance, if the user needed to find the paste at https://pastebin.com/DXyQTXpU, the user would access the tool, put DXyQTXpU into the “Pasta Key” field, and then click/tap the “Get Pasta” button. If you use the example just provided, you will see that the original paste is no longer online; however, the IACINet tool has captured and retained the original paste content.

TOOL: IACINet BIN/IIN Search
LINK: https://metrics.iacinet.global/tools/seenbin.php
DESCRIPTION: IACINet maintains a list of BIN/IIN numbers it has allegedly seen and which bank those BIN/IIN numbers belong to. To obtain metrics on a specific BIN/IIN number, put the six-digit BIN/IIN number in the field and click/tap the “ACQUIRE DATA” button. The system will retrieve information about the BIN/IIN and display it on the screen.

TOOL: IACINet Hash Value Checker
LINK: https://metrics.iacinet.global/tools/hashy.php
DESCRIPTION: IACINet maintains an encrypted/hashed version of card numbers it has previously seen. If a user would like to check whether a particular card has ever been seen by IACINet sensors, the user would access this page and enter a SHA256 HASHED version of a credit card number. ONLY SHA256 HASHES will be accepted by the system. DO NOT ENTER A CARD NUMBER; it will be rejected by the system. If a match to the SHA256 hash is present on the system, it will display a limited subset of what it knows about that hash.

TOOL: IACINet IP Blacklist Checker
LINK: https://metrics.iacinet.global/tools/blcheck.php
DESCRIPTION: IACINet has a tool to check if an IP address has been included in a large number of blacklists around the world. This is useful if a user would like to know information about an IP, including:

  • If the address is a known/active TOR (Darkweb) exit node
  • If the IP has been seen on VirusTotal before
  • Geographic data about the IP address
  • If the IP entered is a common infrastructure IP address

TOOL: IACINet Domain Information Checker
LINK: https://metrics.iacinet.global/tools/dominfo.php
DESCRIPTION: This IACINet tool checks information about a given domain, such as who the domain belongs to, when it was registered, who the registrar is, etc. The output is derived from a basic `whois` query, then simplified and displayed on the screen.

TOOL: IACINet Mobile Network Address Identification
LINK: https://metrics.iacinet.global/tools/mobilechk.php
DESCRIPTION: IACINet has a tool to check if an IP address is part of a mobile network. This information is useful to determine if an IOC IP address is part of a mobile carrier network as well as other important metadata about that network.

TOOL: IACINet Hostname to IP address
LINK: https://metrics.iacinet.global/tools/host2ip.php
DESCRIPTION: IACINet has provided a tool to take a list of hostnames and convert them to IP addresses. A user can upload a text (.TXT) file with one host name per line. The job will run and output the list of hostnames with their IP addresses. The temporary file uploaded to check the IP addresses will be deleted from the server upon completion of the job. The user will choose a file to upload, then press/tap the “Upload File” button.

TOOL: IACINet IP address to hostname
LINK: https://metrics.iacinet.global/tools/ip2host.php
DESCRIPTION: IACINet has provided a tool to take a list of IP addresses and show what hostnames they resolve to. A user can upload a .TXT file with one IP per line. The job will run and output the list of IP addresses with their corresponding hostnames. The temporary file uploaded to check the hostnames will be deleted from the server upon completion of the job. The user will choose a file to upload, then press/tap the “Upload File” button.

TOOL: IACINet Email Domain Info
LINK: https://metrics.iacinet.global/tools/emaildomainu.php
DESCRIPTION: This tool searches IACINet resources for observed email domains and provides a numerical output of total sightings, as well as a timestamp of the first and last observation. Additional context and the specific email addresses may be requested by emailing analysis@certifiedisao.org.

TOOL: Look-Alike Domain Finder
LINK: https://metrics.iacinet.global/tools/twisty.php
DESCRIPTION: IACINet sources and returns results for potential malicious similar domain impersonation (URL hijacking, cybersquatting, typosquatting, phishing, malware, hijacking, email addresses, etc.). Results can be sent to the screen or emailed to the searcher.

TOOL: IACINet Bad IP Metrics
LINK: https://metrics.iacinet.global/tools/badipmetrics.php
DESCRIPTION: This tool will display the real-time statistics for the basis behind IACI’s blocklists. The page shows metrics that include:

  • Known bad / malicious Google IP addresses
  • Known bad / malicious Amazon IP addresses
  • Known “research company” IP addresses
  • IP addresses listed by country
  • Top bad malicious IP addresses sorted by number of times seen

The page does not auto-refresh, but the metrics are live. Refresh (reload) the page to see the most current statistics.

TOOL: IACINet MEGA.NZ Link Identification Tool
LINK: https://metrics.iacinet.global/tools/meganz.php
DESCRIPTION: This tool will check a provided Mega.nz file sharing link and return its associated metadata. This is done in the back-end without the need to visit Mega’s file sharing site or create an account on the server. This service is useful if a link is acquired and there is a need to know the decrypted, deobfuscated metadata contained in the link.

TOOL: DHS Indicator Bulletin (IB) Information & Intelligence
LINK: https://metrics.iacinet.global/tools/dhsib.php
DESCRIPTION: CISCP produces many products; one of those products is Indicator Bulletins (IBs). IBs provide frequent, timely, and actionable cyber threat information regarding IOCs and vulnerabilities derived from government sources and industry partners.

TOOL: DHS Indicator Bulletin (IB) Information & Intelligence (By Sector)
LINK: https://metrics.iacinet.global/tools/dhsibsector.php
DESCRIPTION: CISCP produces many products; one of those products is Indicator Bulletins (IBs). IBs provide frequent, timely, and actionable cyber threat information regarding IOCs and vulnerabilities derived from government sources and industry partners.

TOOL: DHS Indicator Bulletin (IB) Information & Intelligence (By Date)
LINK: https://metrics.iacinet.global/tools/dhsibdate.php
DESCRIPTION: CISCP produces many products; one of those products is Indicator Bulletins (IBs). IBs provide frequent, timely, and actionable cyber threat information regarding IOCs and vulnerabilities derived from government sources and industry partners.

TOOL: DHS Malware Analysis Reports (MAR) Information and Intelligence
LINK: https://metrics.iacinet.global/tools/dhsmar.php
DESCRIPTION: CISCP produces many products; one of those products is Malware Analysis Reports (MARs). MARs provide detailed descriptions of malware actions on an infected host and the associated code analysis, with insight on the malware's specific TTPs.

TOOL: DHS Malware Analysis Reports (MAR) Information and Intelligence (By Date)
LINK: https://metrics.iacinet.global/tools/dhsmardate.php
DESCRIPTION: CISCP produces many products; one of those products is Malware Analysis Reports (MARs). MARs provide detailed descriptions of malware actions on an infected host and the associated code analysis, with insight on the malware's specific TTPs.

TOOL: MULTI-STATE ISAC (MS-ISAC) Information and Intelligence
LINK: https://metrics.iacinet.global/tools/msisac.php
DESCRIPTION: CISCP and DHS, with their partner the Multi-State ISAC (MS-ISAC), also put out information related to IOCs seen by MS-ISAC sensors provided by DHS. IACI captures that information and then processes it through its Malware Information Sharing Platform (MISP) instance to extract actionable, relevant IOCs for our partners.

TOOL: MULTI-STATE ISAC (MS-ISAC) Information and Intelligence (By Date)
LINK: https://metrics.iacinet.global/tools/msisacdate.php
DESCRIPTION: CISCP and DHS, with their partner the Multi-State ISAC (MS-ISAC), also put out information related to IOCs seen by MS-ISAC sensors provided by DHS. IACI captures that information and then processes it through its Malware Information Sharing Platform (MISP) instance to extract actionable, relevant IOCs for our partners.

TOOL: CVE Information Search
LINK: https://metrics.iacinet.global/tools/search_cve.html
DESCRIPTION: This tool parses several known Git or software repositories that provide extensive information on CVEs. The information includes the location of Git repositories that collect and analyze CVEs, as well as Git repositories that have proof-of-concept software for exploiting CVEs. This tool can help in the creation of a mitigation strategy or provide information on exactly what a vulnerability will do if exploited.

TOOL: CISA Known Exploited Vulnerabilities Catalog
LINK: https://metrics.iacinet.global/tools/exploitedcves.php
DESCRIPTION: This page will display data from CISA's Known Exploited Vulnerabilities Catalog. CISA released a directive in November 2021 recommending urgent and prioritized remediation of actively exploited vulnerabilities (CVEs). This IACI tool captures this CISA data and displays the most current additions to the catalog to help facilitate workflow planning and remediation strategy.

TOOL: CISA NCAS Feed Data
LINK: https://metrics.iacinet.global/tools/cisa_ncas_ics.html
DESCRIPTION: This page will display data from CISA's National Cyber Awareness System (NCAS). The feeds provide insight into vulnerabilities reported to CISA and analysis of malware by the DHS CISA team. There are four feeds that comprise this page:

  • Current Activity: Provides up-to-date information about high-impact types of security activity.
  • Alerts: Provide timely information about current security issues, vulnerabilities, and exploits.
  • Bulletins: Provide weekly summaries of new vulnerabilities. Patch information is provided when available.
  • Analysis Reports: Provide in-depth analysis on a new or evolving cyber threat.

TOOL: NCAS Alerts
LINK: https://metrics.iacinet.global/tools/ncasalerts.php
DESCRIPTION: The National Cyber Awareness System (NCAS) offers a variety of information for users with varied technical expertise. Alerts provide timely information about current security issues, vulnerabilities, and exploits. This page serves as a reference to the NCAS Alerts, their summary, and a link to the technical and remediation information on the Cybersecurity & Infrastructure Security Agency (CISA) website. IACI captures these alerts and then processes them through its Malware Information Sharing Platform (MISP) instance to extract actionable, relevant IOCs for our partners.

TOOL: MS-ISAC ADVISORIES
LINK: https://metrics.iacinet.global/tools/msisac.html
DESCRIPTION: The Multi-State Information Sharing and Analysis Center (MS-ISAC) is a CISA-supported collaboration with the Center for Internet Security designed to serve as the central cybersecurity resource for the nation's State, Local, Territorial, Tribal (SLTT) governments. MS-ISAC provides a current threat level assessment and the latest information on known vulnerabilities in popular software and systems.

TOOL: IACINet NVD Feed (by Vendor)
LINK: https://metrics.iacinet.global/tools/nvd.html
DESCRIPTION: This is a custom feed created by the IACI-CERT team to allow IACI members to quickly determine which CVEs are relevant to them. The feed is created daily at 11 AM Eastern and will be available online each day by 11:05 AM Eastern. The page lists only the CVE items that have been updated/changed in the last 24-hour period.

TOOL: IACINet NVD Feed (by CVE updated in the last 24 hours)
LINK: https://metrics.iacinet.global/tools/nvd2.html
DESCRIPTION: This is a custom feed created by the IACI-CERT team to allow IACI members to quickly determine which CVEs are relevant to them. The feed is created daily at 11 AM Eastern and will be available online each day by 11:05 AM Eastern. The page lists only the CVE items that have been updated/changed in the last 24-hour period. The page is also exported and sent as an email report to members who wish to consume it that way.

TOOL: CWE Top 25
LINK: https://metrics.iacinet.global/tools/cwe_top25.html
DESCRIPTION: This tool shows the Top 25 Common Weakness Enumeration statistics as provided by MITRE. CWE is a list of software and hardware weakness types. Links in the provided table will take the user to the MITRE website, where more information, including mitigation strategy, is available.