blacklotuslabs/IOCs external links

---

GitHub - View repository

GitHub.dev - Open in online code editor

Star history - Growth chart over time

deps.dev - Dependencies and security vulnerabilities

Gitingest - Export source code for LLM usage

Repomix - Export source code for LLM usage

uithub - Export source code for LLM usage

Close

blacklotuslabs/IOCs

Readme badge preview -

If you own this repo, copy the snippet below and add it to your README.md

---

Copy

[![RelatedRepos](https://img.shields.io/badge/related-repos-yellow)](https://relatedrepos.com/gh/blacklotuslabs/IOCs)

Close

blacklotuslabs / IOCsView on GitHubMore

• External links
• Readme badge

IOCs published by Black Lotus Labs

☆140Apr 8, 2026Updated 3 weeks ago

Alternatives and similar repositories for IOCs

Users that are interested in IOCs are comparing it to the libraries listed below. We may earn a commission when you buy through links labeled 'Ad' on this page.

• spydisec / spydithreatintel

  View on GitHub
  Spydi ThreatIntel Feed is built on open-source threat intelligence, community-maintained blocklists, and public security research.
  ☆53Updated this week
• stratosphereips / yara-rules

  View on GitHub
  Repository of Yara rules created by the Stratosphere team
  ☆29Jul 8, 2021Updated 4 years ago
• HarfangLab / iocs

  View on GitHub
  Indicators of compromise
  ☆17Jan 29, 2026Updated 3 months ago
• mlodic / ursnif_beacon_decryptor

  View on GitHub
  Ursnif beacon decryptor
  ☆27Mar 20, 2023Updated 3 years ago
• olafhartong / Invoke-Phant0m

  View on GitHub
  Windows Event Log Killer
  ☆12May 22, 2017Updated 8 years ago
• Open source password manager - Proton Pass • Ad
  Securely store, share, and autofill your credentials with Proton Pass, the end-to-end encrypted password manager trusted by millions.
• hpthreatresearch / iocs

  View on GitHub
  Indicators of Compromise (IOCs) accompanying HP Threat Research blog posts and reports.
  ☆28Apr 10, 2024Updated 2 years ago
• JPCERTCC / etw-scan

  View on GitHub
  ETW forensic tool for Volatility3 plugin
  ☆17Nov 15, 2024Updated last year
• bitdefender / malware-ioc

  View on GitHub
  Indicators of Compromise for malware documented in whitepapers.
  ☆45Apr 1, 2026Updated last month
• ThreatLabz / iocs

  View on GitHub
  This repository is for Indicators of Compromise (IOCs) from Zscaler ThreatLabz public reports
  ☆79Jan 26, 2026Updated 3 months ago
• hausec / CobaltStrikeToGhostWriter

  View on GitHub
  Log converter from CS log to Ghostwriter CSV
  ☆31Nov 23, 2020Updated 5 years ago
• sophoslabs / IoCs

  View on GitHub
  Sophos-originated indicators-of-compromise from published reports
  ☆661Mar 31, 2026Updated last month
• 0xmitsurugi / SandboxingMalware

  View on GitHub
  A malware sandoxed with gdb
  ☆15Jun 27, 2016Updated 9 years ago
• volexity / threat-intel

  View on GitHub
  Signatures and IoCs from public Volexity blog posts.
  ☆367Dec 4, 2025Updated 5 months ago
• Truesec / Kaseya-CheckandMitigate

  View on GitHub
  This repository contains a script created by Truesec CSIRT team which can be used to identify signs of compromise and to some extent, mit…
  ☆11Jul 7, 2021Updated 4 years ago
• Proton VPN Special Offer - Get 70% off • Ad
  Special partner offer. Trusted by over 100 million users worldwide. Tested, Approved and Recommended by Experts.
• pan-unit42 / tweets

  View on GitHub
  ☆130Jan 29, 2024Updated 2 years ago
• SentineLabs / PowerTrick

  View on GitHub
  This is a repository for the public blog with Labs indicators of compromise and code
  ☆18Jan 8, 2020Updated 6 years ago
• gendigitalinc / ioc

  View on GitHub
  Threat Intel IoCs + bits and pieces of dark matter. Published by Gen Threat Labs.
  ☆449Apr 7, 2026Updated 3 weeks ago
• PwCUK-CTO / SANSCTISummit2021-xStart

  View on GitHub
  Indicators of compromise, YARA rules, and Python scripts to supplement the SANS CTI Summit 2021 talk: "xStart when you're ready".
  ☆14Jul 12, 2021Updated 4 years ago
• Squiblydoo / MalAPIReader

  View on GitHub
  Reads and prints information from the website MalAPI.io
  ☆20Jul 14, 2022Updated 3 years ago
• center-for-threat-informed-defense / attack-sync

  View on GitHub
  ATT&CK Sync is a Center for Threat-Informed Defense project that aims to improve the ability for organizations to consume MITRE ATT&CK® v…
  ☆25Updated this week
• SIFalcon / Detection

  View on GitHub
  ☆23Jul 7, 2023Updated 2 years ago
• 0xDanielLopez / TweetFeed

  View on GitHub
  TweetFeed collects Indicators of Compromise (IOCs) shared by the infosec community at Twitter. Here you will find malicious URLs, domains…
  ☆655Updated this week
• NetsecExplained / docker-labs

  View on GitHub
  Labs built in docker to cover NSE lessons
  ☆11Nov 24, 2023Updated 2 years ago
• Managed hosting for WordPress and PHP on Cloudways • Ad
  Managed hosting for WordPress, Magento, Laravel, or PHP apps, on multiple cloud providers. Deploy in minutes on Cloudways by DigitalOcean.
• Yamato-Security / hayabusa-rules

  View on GitHub
  Curated Windows event log Sigma rules used in Hayabusa and Velociraptor.
  ☆217Updated this week
• silascutler / DetuxNG

  View on GitHub
  The Multiplatform Linux Sandbox
  ☆16Dec 19, 2023Updated 2 years ago
• tylabs / cryptam

  View on GitHub
  cryptam document malware analysis tool
  ☆13Jun 18, 2023Updated 2 years ago
• deadbits / yara-rules

  View on GitHub
  Collection of YARA signatures from individual research
  ☆44Nov 20, 2023Updated 2 years ago
• pimdegroot / homeclimate

  View on GitHub
  Repository for the home climate monitoring I built
  ☆17Jul 9, 2019Updated 6 years ago
• LETHAL-FORENSICS / MemProcFS-Analyzer

  View on GitHub
  MemProcFS-Analyzer - Automated Forensic Analysis of Windows Memory Dumps for DFIR
  ☆706Apr 21, 2026Updated 2 weeks ago
• carbonblack / active_c2_ioc_public

  View on GitHub
  Active C2 IoCs
  ☆99Nov 28, 2022Updated 3 years ago
• drb-ra / C2IntelFeeds

  View on GitHub
  Automatically created C2 Feeds
  ☆677Updated this week
• mantvydasb / c-playground

  View on GitHub
  C & Shellcode Playground..
  ☆10Dec 2, 2017Updated 8 years ago
• End-to-end encrypted email - Proton Mail • Ad
  Special offer: 40% Off Yearly / 80% Off First Month. All Proton services are open source and independently audited for security.
• 3c7 / yaramanager

  View on GitHub
  Simple yara rule manager
  ☆67Dec 27, 2022Updated 3 years ago
• reversinglabs / reversinglabs-yara-rules

  View on GitHub
  ReversingLabs YARA Rules
  ☆911Nov 3, 2025Updated 6 months ago
• stairwell-inc / threat-research

  View on GitHub
  Repository of tools, YARA rules, and code-snippets from Stairwell's research team.
  ☆23Jan 31, 2024Updated 2 years ago
• google / threat-team

  View on GitHub
  No longer maintained. Please refer to Google Threat Intelligence / Virus Total collections.
  ☆64Apr 3, 2026Updated last month
• openhunting-io / ohcti-malwareinfra

  View on GitHub
  Threat Hunting Malware Infrastructure
  ☆11Dec 3, 2023Updated 2 years ago
• InQuest / iocextract

  View on GitHub
  Defanged Indicator of Compromise (IOC) Extractor.
  ☆576Aug 28, 2024Updated last year
• sophoslabs / metasploit_gather_exchange

  View on GitHub
  Metasploit Post-Exploitation Gather module for Exchange Server
  ☆26Mar 26, 2021Updated 5 years ago