This repository contains all public indicators identified by 401trg during the course of our investigations. It also includes relevant yara rules and ids signatures to detect these indicators.
☆120Apr 14, 2021Updated 4 years ago
Alternatives and similar repositories for detections
Users that are interested in detections are comparing it to the libraries listed below
Sorting:
- This repository contains tools used by 401trg.☆20Apr 14, 2021Updated 4 years ago
- ☆18Jun 8, 2018Updated 7 years ago
- My personal experience in Threat Hunting and knowledge gained so far.☆19May 27, 2017Updated 8 years ago
- CIF v3 -- the fastest way to consume threat intelligence☆183Apr 20, 2023Updated 2 years ago
- This repository contains all the config files and scripts used for our Open Source Endpoint monitoring project.☆35Jul 8, 2019Updated 6 years ago
- Providing timelines based on OSINT Reports☆31Jun 21, 2023Updated 2 years ago
- DPS' Lightweight Investigation Notebook☆433Dec 31, 2023Updated 2 years ago
- The mission of Black Lotus Labs is to leverage our network visibility to both help protect customers and keep the internet clean.☆12Jun 18, 2021Updated 4 years ago
- Indicators of compromise relating to our report on APT10's targeting of global MSPs☆10Sep 26, 2017Updated 8 years ago
- Vba2Graph - Generate call graphs from VBA code, for easier analysis of malicious documents.☆280Dec 13, 2021Updated 4 years ago
- Bro PCAP Processing and Tagging API☆28Nov 9, 2017Updated 8 years ago
- A collection of Indicators of Compromise (IoCs), most aligning with samples derived from the signatures in the YARA-Signatures repo☆29Jun 11, 2020Updated 5 years ago
- domain information in JSON format☆10Jun 7, 2017Updated 8 years ago
- ☆10Dec 28, 2015Updated 10 years ago
- Passive DNS server interface compliant to "Common Output Format"☆10Sep 19, 2016Updated 9 years ago
- A collection of YARA rules we wish to share with the world, most probably referenced from http://blog.inquest.net.☆387May 11, 2022Updated 3 years ago
- The repository contains IOCs in CSV format for APT, Cyber Crimes, Malware and Trojan and whatever I found as part of hunting and research☆12Jun 10, 2017Updated 8 years ago
- Bro analyzer that detects Google's QUIC protocol☆10Mar 2, 2021Updated 5 years ago
- Repository of tools, YARA rules, and code-snippets from Stairwell's research team.☆23Jan 31, 2024Updated 2 years ago
- Re-play Security Events☆1,725Mar 20, 2024Updated last year
- Parse YARA rules and operate over them more easily.☆195Feb 6, 2025Updated last year
- Defanged Indicator of Compromise (IOC) Extractor.☆569Aug 28, 2024Updated last year
- Simple IP enrichment service and API wrapping PyASN and MaxMind GeoIP.☆71Dec 8, 2022Updated 3 years ago
- Tools for the Computer Incident Response Team☆150Apr 17, 2017Updated 8 years ago
- Scripts, Yara rules and other files developed during malware investigations☆27Aug 19, 2022Updated 3 years ago
- pocket guide for core threat hunting concepts☆23May 6, 2020Updated 5 years ago
- ☆23Mar 17, 2024Updated last year
- Repository to provide files related to our blog articles.☆16May 26, 2025Updated 9 months ago
- A datasource assessment on an event level to show potential coverage or the MITRE ATT&CK framework☆355Nov 3, 2020Updated 5 years ago
- An informational repo about hunting for adversaries in your IT environment.☆1,854Nov 17, 2021Updated 4 years ago
- FireEye Publicly Shared Indicators of Compromise (IOCs)☆473Jan 19, 2019Updated 7 years ago
- Performs OCR on image files and scans them for matches to YARA rules☆42Oct 30, 2018Updated 7 years ago
- Real Intelligence Threat Analytics (RITA) is a framework for detecting command and control communication through network traffic analysis…☆2,515Jan 12, 2026Updated last month
- Integration between MISP platform and McAfee MVISION EDR☆14Mar 14, 2022Updated 3 years ago
- Modular command-line threat hunting tool & framework.☆17Jul 20, 2020Updated 5 years ago
- Threat hunting repo for my independent study on threat hunting with OSQuery☆27Jan 16, 2018Updated 8 years ago
- Misc Threat Hunting Resources☆377Jan 26, 2023Updated 3 years ago
- Automated handling of data feeds for security teams☆147Dec 31, 2025Updated 2 months ago
- DHCP Fingerprinting☆31Dec 15, 2020Updated 5 years ago