Gordon quickly provides threat & risk information about observables

Gordon is a great website for security analysis and threat intelligence practitioners, courtesy of Marc-Henry Geay of France. All aspirations and architecture for Gordon are available in Marc-Henry’s Medium post, as well as his About content.
I gave Gordon a quick test using IPv4 IOCs from the Cisco Talos Threat Advisory: SolarWinds supply chain attack. Gordon limits you to 15 observables at most, and note that it favors non-Microsoft browsers, so I experimented via Firefox. Using ten IP IOCs, separated one per line, I received swift results, as seen in Figure 1.

Figure 1: Gordon IPv4 SUNBURST results

As noted, Figure 1 shows IPv4 SUNBURST IOC results that are precise and color coded by risk.

Figure 2: Gordon SHA-256 query results

Again, the SUNBURST SHA-256 IOC results are robust and detailed. I’ve certainly added Gordon to my favorites list and suggest you consider doing the same. Cheers…until next time.
Russ McRee, ISC Handler, Jan 19th 2021
Interesting site. Playing with it I did learn something about VirusTotal (VT). I submitted a domain name I knew was malicious as of this morning, which was on VT with a -52 rep score, yet it came back clean in Gordon. What!?! Clicking the [very helpful] source link, I found the cause. VT domain searches are dumb. example.com and http://example.com and https://example.com are all different URLs/domain names to VT.
Anonymous, Jan 22nd 2021
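As an added example that is not part of the diary, the comment above, or Gordon's own code: a small Python helper that normalizes a pasted list of observables before a lookup, so that the three spellings the commenter ran into (example.com, http://example.com, https://example.com) collapse to one domain key, defanged notation is undone, duplicates are dropped, and the result is split into the 15-per-query, one-per-line batches the diary describes. The sample list, the hash value and the per-batch constant are constructed here from what the page states; nothing in it contacts Gordon or VirusTotal.

```python
"""Prepare observables for a batch lookup such as Gordon.

Added example; not the diary's, the commenter's, or Gordon's code. It assumes
only what the page states: at most 15 observables per query, one per line,
and that a source like VirusTotal keys "example.com", "http://example.com"
and "https://example.com" separately, so URLs must be reduced to a host
before a domain lookup. Sample values below are constructed, not real IOCs.
"""
import ipaddress
import re
from typing import Iterable, List, Optional, Tuple
from urllib.parse import urlsplit

MAX_PER_BATCH = 15  # Gordon's per-query limit, as stated in the diary

SHA256_RE = re.compile(r"^[0-9a-f]{64}$")
DOMAIN_RE = re.compile(r"^(?=.{1,253}$)([a-z0-9-]{1,63}\.)+[a-z]{2,63}$")


def normalize(raw: str) -> Optional[Tuple[str, str]]:
    """Return (type, canonical value) or None for unusable input.

    Types: 'ipv4', 'sha256', 'domain'. A URL is reduced to its host so that
    scheme, port, path and query cannot produce a distinct (and 'clean') key.
    """
    s = raw.strip().lower()
    if not s or s.startswith("#"):
        return None
    # Reports often defang indicators; undo that before classifying.
    s = s.replace("[.]", ".").replace("hxxp", "http")
    if "://" in s:
        s = urlsplit(s).hostname or ""      # drops port, path, query
    elif "/" in s:
        s = s.split("/", 1)[0]              # scheme-less URL: keep host only
    s = s.rstrip(".")
    try:
        ipaddress.IPv4Address(s)
        return ("ipv4", s)
    except ValueError:
        pass
    if SHA256_RE.match(s):
        return ("sha256", s)
    if DOMAIN_RE.match(s):
        return ("domain", s)
    return None


def prepare_batches(lines: Iterable[str], limit: int = MAX_PER_BATCH):
    """Normalize, dedupe (order preserved) and split into batches of `limit`.

    Returns (batches, rejected): batches is a list of lists of canonical
    values ready to paste one per line; rejected holds unclassifiable input.
    """
    seen, clean, rejected = set(), [], []
    for line in lines:
        item = normalize(line)
        if item is None:
            text = line.strip()
            if text and not text.startswith("#"):
                rejected.append(text)
            continue
        _, value = item
        if value not in seen:
            seen.add(value)
            clean.append(value)
    batches: List[List[str]] = [clean[i:i + limit] for i in range(0, len(clean), limit)]
    return batches, rejected


# Constructed sample input: the commenter's three spellings collapse to one
# domain, and a padded IP list forces a split across two 15-line batches.
SAMPLE = [
    "example.com",
    "http://example.com",
    "https://example.com/",
    "hxxp://example[.]net/login?id=1",
    "192.0.2.10",
    "not an observable",
    "ab" * 32,                              # constructed SHA-256-shaped value
] + [f"192.0.2.{i}" for i in range(1, 21)]  # documentation range, 192.0.2.10 repeats

if __name__ == "__main__":
    batches, rejected = prepare_batches(SAMPLE)
    for n, batch in enumerate(batches, 1):
        print(f"--- batch {n} ({len(batch)} observables) ---")
        print("\n".join(batch))
    print("rejected:", rejected)
```

Running it prints two batches (15 and 8 lines) and one rejected entry; the point to take from it is the host reduction in `normalize`, which is what turns the "clean" verdict the commenter saw into the same key VirusTotal already scored.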