Alternatives and similar repositories for active_c2_ioc_public

Users that are interested in active_c2_ioc_public are comparing it to the libraries listed below

• drb-ra / C2IntelFeeds

  View on GitHub
  Automatically created C2 Feeds
  ☆661Updated this week
• cedowens / C2-JARM

  View on GitHub
  A list of JARM hashes for different ssl implementations used by some C2/red team tools.
  ☆145Apr 20, 2023Updated 2 years ago
• Abjuri5t / SarlackLab

  View on GitHub
  ☆34Nov 11, 2025Updated 3 months ago
• tsale / TA_tooling

  View on GitHub
  ☆10Dec 24, 2022Updated 3 years ago
• JPCERTCC / jpcert-yara

  View on GitHub
  JPCERT/CC public YARA rules repository
  ☆108Nov 14, 2025Updated 3 months ago
• silence-is-best / c2db

  View on GitHub
  c2 traffic
  ☆195Feb 6, 2023Updated 3 years ago
• jeFF0Falltrades / IoCs

  View on GitHub
  A collection of Indicators of Compromise (IoCs), most aligning with samples derived from the signatures in the YARA-Signatures repo
  ☆29Jun 11, 2020Updated 5 years ago
• 2igosha / sunburst_dga

  View on GitHub
  ☆22Dec 22, 2020Updated 5 years ago
• hpthreatresearch / subcrawl

  View on GitHub
  SubCrawl is a modular framework for discovering open directories, identifying unique content through signatures and organizing the data w…
  ☆150Sep 22, 2023Updated 2 years ago
• AbdulRhmanAlfaifi / CryptnetURLCacheParser

  View on GitHub
  CryptnetURLCacheParser is a tool to parse CryptAPI cache files
  ☆20Aug 3, 2024Updated last year
• Te-k / cobaltstrike

  View on GitHub
  Code and yara rules to detect and analyze Cobalt Strike
  ☆273May 5, 2021Updated 4 years ago
• hpthreatresearch / iocs

  View on GitHub
  Indicators of Compromise (IOCs) accompanying HP Threat Research blog posts and reports.
  ☆29Apr 10, 2024Updated last year
• nccgroup / pybeacon

  View on GitHub
  A collection of scripts for dealing with Cobalt Strike beacons in Python
  ☆169Jan 5, 2021Updated 5 years ago
• fox-it / cobaltstrike-beacon-data

  View on GitHub
  Open Dataset of Cobalt Strike Beacon metadata (2018-2022)
  ☆133Mar 28, 2022Updated 3 years ago
• ninoseki / mihari

  View on GitHub
  A query aggregator for OSINT based threat hunting
  ☆930Jan 23, 2026Updated 3 weeks ago
• W3ndige / aurora

  View on GitHub
  Malware similarity platform with modularity in mind.
  ☆80Jul 18, 2021Updated 4 years ago
• Sentinel-One / CobaltStrikeParser

  View on GitHub
  ☆1,129Dec 19, 2023Updated 2 years ago
• mandiant / thiri-notebook

  View on GitHub
  The Threat Hunting In Rapid Iterations (THIRI) Jupyter notebook is designed as a research aide to let you rapidly prototype threat huntin…
  ☆154Apr 25, 2022Updated 3 years ago
• ald3ns / XPR-dump

  View on GitHub
  Helper scripts to automate the extraction of YARA rules from XProtectRemediators
  ☆22Mar 5, 2024Updated last year
• target / halogen

  View on GitHub
  Automatically create YARA rules from malicious documents.
  ☆212May 16, 2022Updated 3 years ago
• felixweyne / imaginaryC2

  View on GitHub
  Imaginary C2 is a python tool which aims to help in the behavioral (network) analysis of malware. Imaginary C2 hosts a HTTP server which …
  ☆447Oct 26, 2022Updated 3 years ago
• JPCERTCC / MalConfScan

  View on GitHub
  Volatility plugin for extracts configuration data of known malware
  ☆495Dec 22, 2023Updated 2 years ago
• gkucherin / de4dot

  View on GitHub
  .NET deobfuscator and unpacker (with a control flow unflattener for DoubleZero added).
  ☆29Jun 14, 2022Updated 3 years ago
• whickey-r7 / grab_beacon_config

  View on GitHub
  ☆451Aug 4, 2021Updated 4 years ago
• Immersive-Labs-Sec / BruteRatel-DetectionTools

  View on GitHub
  A collection of Tools and Rules for decoding Brute Ratel C4 badgers
  ☆66Jul 7, 2022Updated 3 years ago
• kirk-sayre-work / xlmulator

  View on GitHub
  Python emulator for Excel XLM macros.
  ☆18May 25, 2020Updated 5 years ago
• CrowdStrike / SuperMem

  View on GitHub
  A python script developed to process Windows memory images based on triage type.
  ☆264Nov 25, 2023Updated 2 years ago
• Cyb3r-Monk / RITA-J

  View on GitHub
  Implementation of RITA (Real Intelligence Threat Analytics) in Jupyter Notebook with improved scoring algorithm.
  ☆207Jul 21, 2022Updated 3 years ago
• montysecurity / InfraSpyder

  View on GitHub
  Automatically spider the result set of a Censys/Shodan search and download all files where the file name or folder path matches a regex.
  ☆28Apr 22, 2023Updated 2 years ago
• k-vitali / operation-shadowhammer

  View on GitHub
  This repository contains various files linked to Operation Shadowhammer as it was originally discovered by Kaspersky Team.
  ☆12Mar 27, 2019Updated 6 years ago
• sonofagl1tch / MalwareResearch

  View on GitHub
  This directory contains random scripts from threat hunting or malware research
  ☆11Feb 15, 2018Updated 8 years ago
• woanware / wmi-parser

  View on GitHub
  Parses the WMI object database....looking for persistence
  ☆34Dec 12, 2019Updated 6 years ago
• c2links / NoWhere2Hide

  View on GitHub
  C2 Active Scanner
  ☆59Jun 19, 2024Updated last year
• deepinstinct / DeMotet

  View on GitHub
  Unpacking and decryption tools for the Emotet malware
  ☆45Dec 5, 2021Updated 4 years ago
• chronicle / GCTI

  View on GitHub
  ☆552Dec 4, 2023Updated 2 years ago
• cado-security / rip_raw

  View on GitHub
  Rip Raw is a small tool to analyse the memory of compromised Linux systems.
  ☆134Jan 31, 2022Updated 4 years ago
• intezer / yara-rules

  View on GitHub
  ☆128Feb 2, 2025Updated last year
• shabarkin / pointer

  View on GitHub
  Pointer was developed for massive hunting and mapping Cobalt Strike servers exposed on the internet.
  ☆69Apr 12, 2022Updated 3 years ago
• GDATASoftwareAG / TypeRefHasher

  View on GitHub
  CLI tool to compute the TypeRefHash for .NET binaries.
  ☆19Nov 10, 2021Updated 4 years ago