InQuest/ThreatKB

Readme badge preview -

If you own this repo, copy the snippet below and add it to your README.md

[![RelatedRepos](https://img.shields.io/badge/related-repos-yellow)](https://relatedrepos.com/gh/InQuest/ThreatKB)

InQuest / ThreatKB

Knowledge base workflow management for YARA rules and C2 artifacts (IP, DNS, SSL) (ALPHA STATE AT THE MOMENT)

☆102

Alternatives and similar repositories for ThreatKB

Users that are interested in ThreatKB are comparing it to the libraries listed below

Sorting:

InQuest / ThreatIngestor
View on GitHub
Extract and aggregate threat intelligence.
☆906Jan 31, 2024Updated 2 years ago
InQuest / iocextract
View on GitHub
Defanged Indicator of Compromise (IOC) Extractor.
☆567Aug 28, 2024Updated last year
InQuest / yara-rules
View on GitHub
A collection of YARA rules we wish to share with the world, most probably referenced from http://blog.inquest.net.
☆387May 11, 2022Updated 3 years ago
armbues / ioc_parser
View on GitHub
Tool to extract indicators of compromise from security reports in PDF format
☆439Feb 24, 2023Updated 3 years ago
SIFalcon / Detection
View on GitHub
☆23Jul 7, 2023Updated 2 years ago
center-for-threat-informed-defense / sightings_ecosystem
View on GitHub
Sightings Ecosystem gives cyber defenders visibility into what adversaries actually do in the wild. With your help, we are tracking MITRE…
☆38May 28, 2025Updated 9 months ago
techbliss / Yara_Mailware_Quick_menu_scanner
View on GitHub
Work Fast With the pattern matching swiss knife for malware researchers.
☆38Mar 26, 2016Updated 9 years ago
bandrel / OCyara
View on GitHub
Performs OCR on image files and scans them for matches to YARA rules
☆42Oct 30, 2018Updated 7 years ago
sroberts / cacador
View on GitHub
Indicator Extractor
☆141Jul 14, 2018Updated 7 years ago
corumir / Practical-Tradecraft
View on GitHub
Resources, articles, thoughts, datasets, papers on TI tradecraft
☆11Aug 24, 2018Updated 7 years ago
alphaSeclab / malware-ioc-hash
View on GitHub
Collection of malware ioc hashes from blog posts. A Python script is provided to search through it.
☆19Sep 10, 2020Updated 5 years ago
staaldraad / fastfluxanalysis
View on GitHub
Scripts to detect Fast-Flux and DGA using DNS query responses
☆44Jun 7, 2017Updated 8 years ago
fugawi / mate
View on GitHub
Mitre Att&ck Technique Emulation
☆82Mar 6, 2019Updated 6 years ago
PUNCH-Cyber / YaraGuardian
View on GitHub
Django web interface for managing Yara rules
☆196Jul 28, 2018Updated 7 years ago
InQuest / sandboxapi
View on GitHub
Minimal, consistent Python API for building integrations with malware sandboxes.
☆142Jan 31, 2024Updated 2 years ago
OsbornePro / BTPS-SecPack
View on GitHub
This repository contains a collection of PowerShell tools that can be utilized to protect and defend an environment based on the recommen…
☆51Sep 14, 2025Updated 5 months ago
eset / malware-ioc
View on GitHub
Indicators of Compromises (IOC) of our various investigations
☆1,917Feb 20, 2026Updated last week
wrayjustin / yaids
View on GitHub
YAIDS - Yara-Based IDS - Yara as an Intrusion Detection System / Yet Another Intrusion Detection System - An Intrusion Detection System (…
☆26Oct 20, 2022Updated 3 years ago
plyara / plyara
View on GitHub
Parse YARA rules and operate over them more easily.
☆194Feb 6, 2025Updated last year
georgestarcher / Splunk-ESIntel-KVStore
View on GitHub
Splunk csv to KVStore ES Threat Intel
☆11Jul 11, 2016Updated 9 years ago
Patrowl / PatrowlEngines
View on GitHub
PatrOwl - Open Source, Free and Scalable Security Operations Orchestration Platform
☆245Feb 11, 2026Updated 2 weeks ago
ciscocsirt / GOSINT
View on GitHub
The GOSINT framework is a project used for collecting, processing, and exporting high quality indicators of compromise (IOCs).
☆556May 9, 2023Updated 2 years ago
h3x2b / yara-rules
View on GitHub
Yara rules for detecting malware
☆23Sep 9, 2025Updated 5 months ago
pan-unit42 / iocs
View on GitHub
Indicators from Unit 42 Public Reports
☆728Aug 17, 2025Updated 6 months ago
TheHive-Project / Hippocampe
View on GitHub
Threat Feed Aggregation, Made Easy
☆169Jul 13, 2020Updated 5 years ago
8u1a / plyara
View on GitHub
Parse Yara rules and operate over them more easily.
☆51Jan 7, 2019Updated 7 years ago
HurricaneLabs / machinae
View on GitHub
Machinae Security Intelligence Collector
☆539May 15, 2024Updated last year
gamelinux / activedns
View on GitHub
An active domain name query tool to help keep track of domain name movements...
☆16Mar 28, 2021Updated 4 years ago
MISP / misp-grafana
View on GitHub
A real-time Grafana dashboard using MISP ZeroMQ message queue and InfluxDB
☆19Mar 15, 2024Updated last year
phage-nz / infosec-bazaar
View on GitHub
A collection of infosec related scripts and information.
☆53Oct 2, 2024Updated last year
InQuest / yara-rules-vt
View on GitHub
Collection of YARA rules designed for usage through VirusTotal.com.
☆85Apr 4, 2024Updated last year
1aN0rmus / Yara
View on GitHub
Yara rules
☆49Jan 28, 2014Updated 12 years ago
center-for-threat-informed-defense / insider-threat-ttp-kb
View on GitHub
The principal objective of this project is to develop a knowledge base of the tactics, techniques, and procedures (TTPs) used by insiders…
☆149Jul 9, 2025Updated 7 months ago
yeti-platform / yeti
View on GitHub
Your Everyday Threat Intelligence
☆1,951Feb 12, 2026Updated 2 weeks ago
InQuest / awesome-yara
View on GitHub
A curated list of awesome YARA rules, tools, and people.
☆4,146Updated this week
fxb-cocacoding / yara-signator
View on GitHub
Automatic YARA rule generation for Malpedia
☆168Sep 8, 2022Updated 3 years ago
Hestat / lw-yara
View on GitHub
Yara Ruleset for scanning Linux servers for shells, spamming, phishing and other webserver baddies
☆107Mar 4, 2021Updated 4 years ago
KasperskyLab / klara
View on GitHub
Kaspersky's GReAT KLara
☆732Jul 24, 2024Updated last year
oasis-open / cti-stix-elevator
View on GitHub
OASIS Cyber Threat Intelligence (CTI) TC Open Repository: Convert STIX 1.2 XML to STIX 2.x JSON
☆52Apr 15, 2024Updated last year