COSSAS / dgad
DGA Detective - Hunt domains generated by Domain Generation Algorithms to identify malware traffic
☆39Updated 5 months ago
Alternatives and similar repositories for dgad:
Users that are interested in dgad are comparing it to the libraries listed below
- Threat Detection Rules (Snort/Sigma/Yara)☆13Updated last year
- This repository contains OpenIOC rules to aid in hunting for indicators of compromise and TTPs focused on Advanced Persistent Threat grou…☆22Updated last year
- A Python application to filter and transfer Zeek logs to Elastic/OpenSearch+Humio. This app can also output pure JSON logs to stdout for…☆35Updated 2 years ago
- Threat Detection & Anomaly Detection rules for popular open-source components☆50Updated 2 years ago
- Automated detection rule analysis utility☆29Updated 2 years ago
- A MITRE Caldera plugin☆40Updated 2 months ago
- Suricata Language Server is an implementation of the Language Server Protocol for Suricata signatures. It adds syntax check, hints and au…☆66Updated 2 weeks ago
- This script scans the files extracted by Zeek with YARA rules located on the rules folder on a Linux based Zeek sensor, if there is a mat…☆61Updated last year
- Factual-rules-generator is an open source project which aims to generate YARA rules about installed software from a machine.☆76Updated 3 years ago
- A tool to assess data quality, built on top of the awesome OSSEM.☆76Updated 2 years ago
- ☆41Updated 2 years ago
- ☆25Updated last year
- Remote Desktop Client Fingerprint script for Zeek. Based off of https://github.com/0x4D31/fatt☆39Updated last year
- Merge of two major cyber adversary datasets, MITRE ATT&CK and ETDA/ThaiCERT Threat Actor Cards, enabling victim/motivation-adversary-tech…☆52Updated 2 years ago
- YAFRA is a semi-automated framework for analyzing and representing reports about IT Security incidents.☆27Updated 3 years ago
- ☆29Updated last week
- Because phishtank was taken.. explore phishing kits in a contained environment!☆45Updated 2 years ago
- This repository includes a mapping table and a reference process that allows converting between STIX 2.1 Course of Action objects that ma…☆16Updated 2 years ago
- Tool to read EVTX files including SYSMON and convert to JSON, MISP Objects and Graph stream☆11Updated 4 years ago
- CyCAT.org API back-end server including crawlers☆30Updated last year
- Zeek Extension to Collect Metadata for Profiling of Endpoints and Proxies☆27Updated 10 months ago
- An elevated STIX representation of the MITRE ATT&CK Groups knowledge base☆23Updated 2 years ago
- Further investigation in to APT campaigns disclosed by private security firms and security agencies☆84Updated 2 years ago
- STIX 2.1 Visualizer, Attack and Activity Thread Graph for Threat Modeling☆34Updated last month
- Tweettioc Splunk App☆20Updated 4 years ago
- Open Dataset of Cobalt Strike Beacon metadata (2018-2022)☆125Updated 2 years ago
- Augmentation to Machine Readable CTI☆27Updated last month
- Suricata rule and intel index☆30Updated last month
- Threat Mapping Catalogue☆17Updated 3 years ago
- Create dataset for suricata with indicators of MISP instances and add sightings in MISP if an indicator of dataset generates an alert☆37Updated 2 years ago