Threat Level: green Handler on Duty: Jan Kopriva

SANS ISC: Covid19 Domain Classifier SANS ISC InfoSec Forums

Participate: Learn more about our honeypot network
https://isc.sans.edu/honeypot.html

Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!
Covid19 Domain Classifier

Johannes started a Covid19 Domain Classifier here on our Internet Storm Center site.

From SANS NewsBites Vol. 22 Num. 025:

Help Us Classify COVID-19 Related Domains

These last couple of weeks, criminals have been using COVID-19 for everything from selling fake cures to phishing. Every day, several thousand domains are registered for COVID-19 related keywords. We are trying to identify the worst, and classify the domains into different risk categories. If you have some time this weekend, please help us out by checking out some of these domains. To participate, see https://isc.sans.edu/covidclassifier.html. The domain data is based on a feed provided by Domaintools and we will make the results of this effort public for download as soon as we have a “critical mass” of responses.

When you log in with your account to the SANS ISC site, you'll get a list of 10 domains to classify, like this:

 

Didier Stevens
Senior handler
Microsoft MVP
blog.DidierStevens.com DidierStevensLabs.com

DidierStevens

479 Posts
ISC Handler
Mar 28th 2020
Thank You
Netmanzim

54 Posts
I don't know what to make of the following WiFi APs popping up in my area. The signals have been stronger (80% range) other times. I googled "COVIDcrew2020" to no avail.

COVID crew 38:3f:b3:3e:a5:d5 6 (ng) 20 WPA2 (AES/CCMP) Technico
50% (-70 dBm)
2020-03-27 11:56
2020-03-27 11:56

COVID crew 38:3f:b3:3e:a5:dd 36 (na) 80 WPA2 (AES/CCMP) Technico
45% (-72 dBm)
2020-03-27 12:07
2020-03-27 11:56

COVIDcrew2020 fc:51:a4:08:6e:6e 36 (na) 80 WPA2 (AES/CCMP) ArrisGro
64% (-64 dBm)
62% (-65 dBm)
2020-03-28 20:38
2020-03-28 20:38

COVIDcrew2020 fc:51:a4:08:6e:6d 11 (ng) 20 WPA2 (AES/CCMP) ArrisGro
42% (-73 dBm)
2020-03-29 05:19
2020-03-29 00:45
robv

20 Posts
Some organizations have likely invested in new hotspots for their new remote workforce...and created simple, appropriate AP names.
gp

1 Posts
Great project! I've been chipping in a bit with a couple classifications. Do you still plan to release the results?
Anonymous

Sign Up for Free or Log In to start participating in the conversation!