Bambenek C2 Domain Feed
This article explains how to set up the Bambenek C2 Domain Feed premium intelligence source in the TruSTAR platform.
This self-curating feed monitors malicious networks to observe current criminal activity and collect relevant Domain information, producing high-confidence data with very low false positives.
- Source Type: Premium Intelligence
- Update Type: Feed-based
- Update Frequency: 15 minutes
- Time to install: 10 minutes
Observables Supported
- Domain
Requirements
- A subscription to the Bambenek C2 Domain Feed.
- Your Bambenek Domain IP Feed API Key and API Secret
Getting Started
- Log into the TruSTAR Web App.
- Click the Marketplace icon on the left side icon list.
- Click Premium Intel to view the feeds available.
- Click Subscribe on the Bambenek C2 Domain Feed box.
- Enter your Bambenek C2 Domain Feed API key and API secret, then click Save Credentials & Request Subscription
TruSTAR will validate the integration within 48 hours and send an email when the integration has been enabled.
TruSTAR Report Mapping
The information retrieved from this intelligence source is stored in the Bambenek C2 Domain Feed using this format.
Field | Explanation |
Title | Bambenek C2 Domain- <IoC Value> |
externalURL | -- |
maliciousScore | High |
rawContent | bambenek_domain |
content.indicators.Indicator.observable | Indicator value |
content.indicators.Indicator.attributes | Tags: Type of Malware family |
content.indicators.Indicator.tags | -- |
Known Issues
No reported issues.