[_wldu]

I'd be hesitant to consume this in a firewall or DNS RPZ. What if someone reported google.com as malicious?

[arboghast]

Happens all the time and those threat feeds aggregation platform that have a black box ML confidence generator for IOCs aren’t trustworthy either.

In this day and age, if people don’t put emphasis on TTPs and still only rely on old style threat intel, they will become obsolete.

[brightball]

TTPs?

[milkshakes]

http://detect-respond.blogspot.com/2013/03/the-pyramid-of-pa...