Bambenek C2 IP Feed

Updated 3 weeks ago by TruSTAR

This article explains how to set up the Bambenek C2 IP Feed premium intelligence source in the TruSTAR platform.

This self-curating feed monitors malicious networks to observe current criminal activity and collect relevant IP information, producing high-confidence data with very low false positives.

  • Source Type: Premium Intelligence
  • Update Type: Feed-based
  • Update Frequency: 15 minutes
  • Time to install: 10 minutes

Observables Supported

  • IP

Requirements

  • A subscription to the Bambenek C2 IP Feed.
  • Your Bambenek C2 IP Feed API key and API secret.
TruSTAR Admin rights are required to activate this intelligence source.

Getting Started

  1. Log into the TruSTAR Web App.
  2. Click the Marketplace icon in the icon list on the left side.
  3. Click Premium Intel to view the feeds available.
  4. Click Subscribe on the Bambenek C2 IP Feed box.
  5. Enter your Bambenek C2 IP Feed API key and API secret, then click Save Credentials & Request Subscription.

TruSTAR will validate the integration within 48 hours and send an email when the integration has been enabled.

TruSTAR Report Mapping

The information retrieved from this intelligence source is stored in the Bambenek C2 IP Feed Enclave using this format.

Field                                   | Explanation
----------------------------------------|---------------------------
Title                                   | bambenek_[indicator value]
externalURL                             | --
maliciousScore                          | High
rawContent                              | bambenek_ip
content.indicators.Indicator.observable | Indicator value
content.indicators.Indicator.attributes | Malware family
content.indicators.Indicator.tags       | --

Known Issues

No reported issues.

Please contact support@trustar.co if you have issues with this integration.

