blacklotuslabs/IOCs external links

---

GitHub - View repository

GitHub.dev - Open in online code editor

Star history - Growth chart over time

deps.dev - Dependencies and security vulnerabilities

Gitingest - Export source code for LLM usage

Repomix - Export source code for LLM usage

uithub - Export source code for LLM usage

Close

blacklotuslabs/IOCs

Readme badge preview -

If you own this repo, copy the snippet below and add it to your README.md

---

Copy

[![RelatedRepos](https://img.shields.io/badge/related-repos-yellow)](https://relatedrepos.com/gh/blacklotuslabs/IOCs)

Close

blacklotuslabs / IOCsView on GitHubMore

• External links
• Readme badge

IOCs published by Black Lotus Labs

☆141May 19, 2026Updated this week

Alternatives and similar repositories for IOCs

Users that are interested in IOCs are comparing it to the libraries listed below. We may earn a commission when you buy through links labeled 'Ad' on this page.

• spydisec / spydithreatintel

  View on GitHub
  Spydi ThreatIntel Feed is built on open-source threat intelligence, community-maintained blocklists, and public security research.
  ☆52Updated this week
• stratosphereips / yara-rules

  View on GitHub
  Repository of Yara rules created by the Stratosphere team
  ☆29Jul 8, 2021Updated 4 years ago
• HarfangLab / iocs

  View on GitHub
  Indicators of compromise
  ☆19May 18, 2026Updated last week
• mlodic / ursnif_beacon_decryptor

  View on GitHub
  Ursnif beacon decryptor
  ☆27Mar 20, 2023Updated 3 years ago
• olafhartong / Invoke-Phant0m

  View on GitHub
  Windows Event Log Killer
  ☆12May 22, 2017Updated 9 years ago
• Deploy on Railway without the complexity - Free Credits Offer • Ad
  Connect your repo and Railway handles the rest with instant previews. Quickly provision container image services, databases, and storage volumes.
• hpthreatresearch / iocs

  View on GitHub
  Indicators of Compromise (IOCs) accompanying HP Threat Research blog posts and reports.
  ☆28Apr 10, 2024Updated 2 years ago
• JPCERTCC / etw-scan

  View on GitHub
  ETW forensic tool for Volatility3 plugin
  ☆17Nov 15, 2024Updated last year
• bitdefender / malware-ioc

  View on GitHub
  Indicators of Compromise for malware documented in whitepapers.
  ☆45May 13, 2026Updated last week
• ThreatLabz / iocs

  View on GitHub
  This repository is for Indicators of Compromise (IOCs) from Zscaler ThreatLabz public reports
  ☆79Jan 26, 2026Updated 3 months ago
• sophoslabs / IoCs

  View on GitHub
  Sophos-originated indicators-of-compromise from published reports
  ☆665May 14, 2026Updated last week
• 0xmitsurugi / SandboxingMalware

  View on GitHub
  A malware sandoxed with gdb
  ☆15Jun 27, 2016Updated 9 years ago
• volexity / threat-intel

  View on GitHub
  Signatures and IoCs from public Volexity blog posts.
  ☆367Dec 4, 2025Updated 5 months ago
• Truesec / Kaseya-CheckandMitigate

  View on GitHub
  This repository contains a script created by Truesec CSIRT team which can be used to identify signs of compromise and to some extent, mit…
  ☆11Jul 7, 2021Updated 4 years ago
• pan-unit42 / tweets

  View on GitHub
  ☆130Jan 29, 2024Updated 2 years ago
• Proton VPN Special Offer - Get 70% off • Ad
  Special partner offer. Trusted by over 100 million users worldwide. Tested, Approved and Recommended by Experts.
• SentineLabs / PowerTrick

  View on GitHub
  This is a repository for the public blog with Labs indicators of compromise and code
  ☆18Jan 8, 2020Updated 6 years ago
• gendigitalinc / ioc

  View on GitHub
  Threat Intel IoCs + bits and pieces of dark matter. Published by Gen Threat Labs.
  ☆449Apr 7, 2026Updated last month
• PwCUK-CTO / SANSCTISummit2021-xStart

  View on GitHub
  Indicators of compromise, YARA rules, and Python scripts to supplement the SANS CTI Summit 2021 talk: "xStart when you're ready".
  ☆14Jul 12, 2021Updated 4 years ago
• Squiblydoo / MalAPIReader

  View on GitHub
  Reads and prints information from the website MalAPI.io
  ☆21Jul 14, 2022Updated 3 years ago
• center-for-threat-informed-defense / attack-sync

  View on GitHub
  ATT&CK Sync is a Center for Threat-Informed Defense project that aims to improve the ability for organizations to consume MITRE ATT&CK® v…
  ☆25Updated this week
• SIFalcon / Detection

  View on GitHub
  ☆24Jul 7, 2023Updated 2 years ago
• 0xDanielLopez / TweetFeed

  View on GitHub
  TweetFeed collects Indicators of Compromise (IOCs) shared by the infosec community at Twitter. Here you will find malicious URLs, domains…
  ☆659May 18, 2026Updated last week
• NetsecExplained / docker-labs

  View on GitHub
  Labs built in docker to cover NSE lessons
  ☆12Nov 24, 2023Updated 2 years ago
• Yamato-Security / hayabusa-rules

  View on GitHub
  Curated Windows event log Sigma rules used in Hayabusa and Velociraptor.
  ☆218May 3, 2026Updated 3 weeks ago
• Deploy on Railway without the complexity - Free Credits Offer • Ad
  Connect your repo and Railway handles the rest with instant previews. Quickly provision container image services, databases, and storage volumes.
• silascutler / DetuxNG

  View on GitHub
  The Multiplatform Linux Sandbox
  ☆16Dec 19, 2023Updated 2 years ago
• tylabs / cryptam

  View on GitHub
  cryptam document malware analysis tool
  ☆13Jun 18, 2023Updated 2 years ago
• deadbits / yara-rules

  View on GitHub
  Collection of YARA signatures from individual research
  ☆44Nov 20, 2023Updated 2 years ago
• pimdegroot / homeclimate

  View on GitHub
  Repository for the home climate monitoring I built
  ☆17Jul 9, 2019Updated 6 years ago
• carbonblack / active_c2_ioc_public

  View on GitHub
  Active C2 IoCs
  ☆99Nov 28, 2022Updated 3 years ago
• LETHAL-FORENSICS / MemProcFS-Analyzer

  View on GitHub
  MemProcFS-Analyzer - Automated Forensic Analysis of Windows Memory Dumps for DFIR
  ☆715May 2, 2026Updated 3 weeks ago
• 3c7 / yaramanager

  View on GitHub
  Simple yara rule manager
  ☆67Dec 27, 2022Updated 3 years ago
• drb-ra / C2IntelFeeds

  View on GitHub
  Automatically created C2 Feeds
  ☆716Updated this week
• reversinglabs / reversinglabs-yara-rules

  View on GitHub
  ReversingLabs YARA Rules
  ☆918Nov 3, 2025Updated 6 months ago
• Managed hosting for WordPress and PHP on Cloudways • Ad
  Managed hosting for WordPress, Magento, Laravel, or PHP apps, on multiple cloud providers. Deploy in minutes on Cloudways by DigitalOcean.
• stairwell-inc / threat-research

  View on GitHub
  Repository of tools, YARA rules, and code-snippets from Stairwell's research team.
  ☆23Jan 31, 2024Updated 2 years ago
• google / threat-team

  View on GitHub
  No longer maintained. Please refer to Google Threat Intelligence / Virus Total collections.
  ☆65Apr 3, 2026Updated last month
• openhunting-io / ohcti-malwareinfra

  View on GitHub
  Threat Hunting Malware Infrastructure
  ☆11Dec 3, 2023Updated 2 years ago
• InQuest / iocextract

  View on GitHub
  Defanged Indicator of Compromise (IOC) Extractor.
  ☆578Aug 28, 2024Updated last year
• sophoslabs / metasploit_gather_exchange

  View on GitHub
  Metasploit Post-Exploitation Gather module for Exchange Server
  ☆26Mar 26, 2021Updated 5 years ago
• SkillAegis / SkillAegis

  View on GitHub
  SkillAegis is a platform to design, run, and monitor exercise scenarios, enhancing skills in applications like MISP and training users in…
  ☆37Oct 21, 2025Updated 7 months ago
• blacklotuslabs / Research

  View on GitHub
  The mission of Black Lotus Labs is to leverage our network visibility to both help protect customers and keep the internet clean.
  ☆12Jun 18, 2021Updated 4 years ago