This repository contains all public indicators identified by 401trg during the course of our investigations. It also includes relevant yara rules and ids signatures to detect these indicators.
☆120Apr 14, 2021Updated 4 years ago
Alternatives and similar repositories for detections
Users that are interested in detections are comparing it to the libraries listed below. We may earn a commission when you buy through links labeled 'Ad' on this page.
Sorting:
- This repository contains tools used by 401trg.☆20Apr 14, 2021Updated 4 years ago
- domain information in JSON format☆10Jun 7, 2017Updated 8 years ago
- ☆18Jun 8, 2018Updated 7 years ago
- The repository contains IOCs in CSV format for APT, Cyber Crimes, Malware and Trojan and whatever I found as part of hunting and research☆12Jun 10, 2017Updated 8 years ago
- ☆10Dec 28, 2015Updated 10 years ago
- CIF v3 -- the fastest way to consume threat intelligence☆183Apr 20, 2023Updated 2 years ago
- Providing timelines based on OSINT Reports☆31Jun 21, 2023Updated 2 years ago
- Indicators of compromise relating to our report on APT10's targeting of global MSPs☆10Sep 26, 2017Updated 8 years ago
- DPS' Lightweight Investigation Notebook☆433Dec 31, 2023Updated 2 years ago
- The mission of Black Lotus Labs is to leverage our network visibility to both help protect customers and keep the internet clean.☆12Jun 18, 2021Updated 4 years ago
- My personal experience in Threat Hunting and knowledge gained so far.☆19May 27, 2017Updated 8 years ago
- IDS Utility Belt For Automating/Testing Various Things☆30Oct 14, 2020Updated 5 years ago
- Bro analyzer that detects Google's QUIC protocol☆10Mar 2, 2021Updated 5 years ago
- Vba2Graph - Generate call graphs from VBA code, for easier analysis of malicious documents.☆280Dec 13, 2021Updated 4 years ago
- dnssinkholelist is a python package focused on combining open source lists of malicious domains, dynamic dns domains, and advertisement d…☆18Apr 13, 2016Updated 9 years ago
- Performs OCR on image files and scans them for matches to YARA rules☆42Oct 30, 2018Updated 7 years ago
- FireEye Publicly Shared Indicators of Compromise (IOCs)☆473Jan 19, 2019Updated 7 years ago
- Yara rules I've written☆10Dec 9, 2015Updated 10 years ago
- This repository contains all the config files and scripts used for our Open Source Endpoint monitoring project.☆35Jul 8, 2019Updated 6 years ago
- Yara rules☆10Dec 10, 2019Updated 6 years ago
- Re-play Security Events☆1,729Mar 20, 2024Updated 2 years ago
- This repository hosts community contributed Kestrel huntflows (.hf) and huntbooks (.ipynb)☆37Jan 2, 2024Updated 2 years ago
- Defanged Indicator of Compromise (IOC) Extractor.☆571Aug 28, 2024Updated last year
- Bro PCAP Processing and Tagging API☆28Nov 9, 2017Updated 8 years ago
- Kaspersky's GReAT KLara☆733Jul 24, 2024Updated last year
- A collection of YARA rules we wish to share with the world, most probably referenced from http://blog.inquest.net.☆388May 11, 2022Updated 3 years ago
- Tools for the Computer Incident Response Team☆150Apr 17, 2017Updated 8 years ago
- Emofishes is a collection of proof-of-concepts that help improve, bypass or detect virtualized execution environments (focusing on the on…☆15Jan 28, 2023Updated 3 years ago
- A collection of Indicators of Compromise (IoCs), most aligning with samples derived from the signatures in the YARA-Signatures repo☆29Jun 11, 2020Updated 5 years ago
- Threat hunting repo for my independent study on threat hunting with OSQuery☆27Jan 16, 2018Updated 8 years ago
- FRAC and RIFT☆17Mar 16, 2019Updated 7 years ago
- Indicators from Unit 42 Public Reports☆726Aug 17, 2025Updated 7 months ago
- Protocol Analysis/Decoder Framework☆497Dec 19, 2022Updated 3 years ago
- Misc Threat Hunting Resources☆377Jan 26, 2023Updated 3 years ago
- Passive DNS server interface compliant to "Common Output Format"☆10Sep 19, 2016Updated 9 years ago
- Exporting MISP event attributes to yara rules usable with Thor apt scanner☆24Mar 27, 2017Updated 8 years ago
- (Unofficial) Python API for https://sslbl.abuse.ch/☆11Dec 9, 2016Updated 9 years ago
- A community-driven, open-source project to share detection logic, adversary tradecraft and resources to make detection development more e…☆4,501Jan 12, 2026Updated 2 months ago
- Collection of YARA signatures from individual research☆44Nov 20, 2023Updated 2 years ago