Today I'm happy to release the first version of a real search function. Rather than just searching for artefacts such as domains or IP addresses, you can now search for more general terms such as organisation names.
Below is a search for tibet - a theme commonly employed in targeted attacks.
There are a number of results here. The first, tibet.my03[.]com, is referenced as associated with a malware report, malware and is a dynamic domain (often employed by malware).
You may be wondering why this result came first.
Results are ranked by a number of factors, such an obvious PageRank/TrustRank style "number of hops from known bad" but also by a number of crafted rules. You can expect the see the ranking of results fluctuate as alternate ranking functions ate tested.
The implementation of a search function means ThreatCrowd has finally met the initial roadmap of core functions. Development now will be on incremental improvements to the interface to make research easier, and increasing the scope of data.
If you've got any thoughts on how to improve ThreatCrowd, or just general comments - I'd love to hear them.