DomainTools
Valuable Datasets for Analyzing Network Infrastructure
Pages: 4
Time to read: 4 mins
Publication:
Language: English
This document is a cheat sheet that outlines various datasets useful for analyzing network infrastructure. It provides a detailed examination of different record types, including DNS, MX, and Whois, along with their potential implications for identifying suspicious activities. Each dataset is categorized with specific indicators that suggest malicious intent or infrastructure control by threat actors. For instance, it discusses how frequently changing IP addresses associated with a domain name can indicate fast-flux networks, while unique emails linked to known malicious domains may signify shared ownership of suspicious infrastructure. The document also addresses the significance of domain age, registrar information, and the characteristics of nameservers in assessing the legitimacy of domains. By presenting these datasets and their associated indicators, the cheat sheet serves as a practical resource for cybersecurity professionals aiming to detect and analyze potential threats within network infrastructures.