Tracking APT IOCs
☆25Nov 16, 2020Updated 5 years ago
Alternatives and similar repositories for ThreatIntelligence
Users that are interested in ThreatIntelligence are comparing it to the libraries listed below
Sorting:
- Steezy - Ghetto Yara Generation☆15Mar 27, 2023Updated 2 years ago
- Scripts, Yara rules and other files developed during malware investigations☆27Aug 19, 2022Updated 3 years ago
- ☆22Dec 22, 2020Updated 5 years ago
- This repository contains various files linked to Operation Shadowhammer as it was originally discovered by Kaspersky Team.☆12Mar 27, 2019Updated 6 years ago
- ☆13Nov 10, 2020Updated 5 years ago
- A collection of Indicators of Compromise (IoCs), most aligning with samples derived from the signatures in the YARA-Signatures repo☆29Jun 11, 2020Updated 5 years ago
- Plugins for the Viper Framework☆14Sep 21, 2019Updated 6 years ago
- Vuls Beater for Elasticsearch - connecting vuls☆17Dec 15, 2020Updated 5 years ago
- Simple decrypter for strings used in SamSam Ransomware samples.☆18Feb 21, 2020Updated 6 years ago
- a very simple rootkit for fun☆19Nov 6, 2018Updated 7 years ago
- ☆15Jun 5, 2019Updated 6 years ago
- The Multiplatform Linux Sandbox☆16Dec 19, 2023Updated 2 years ago
- Exporting MISP event attributes to yara rules usable with Thor apt scanner☆24Mar 27, 2017Updated 8 years ago
- ☆21Jul 27, 2020Updated 5 years ago
- A collection of Covid-19 related threat intelligence and resources.☆19Jul 17, 2020Updated 5 years ago
- OLE Package Format Documentation☆23Jun 13, 2020Updated 5 years ago
- A library for fast parse & import of Windows Eventlogs into Elasticsearch.☆86Jun 23, 2025Updated 8 months ago
- ☆16Apr 30, 2024Updated last year
- Scripts to aid analysis of files obfuscated with ScatterBee.☆24Jan 6, 2023Updated 3 years ago
- A Zeek package to detect CVE-2021-42292, a Microsoft Excel local privilege escalation exploit.☆18Nov 11, 2021Updated 4 years ago
- Creating a Feed of MISP Events from ThreatFox (by abuse.ch)☆19Jun 2, 2021Updated 4 years ago
- gopclntab finder and analyzer for Radare2☆21Aug 15, 2020Updated 5 years ago
- Telsy CTI Research Team☆57Dec 15, 2020Updated 5 years ago
- Vaccine for STOP/DJVU ransomware, prevents encryption☆26Oct 30, 2025Updated 4 months ago
- Let's try to create a rootkit!☆19Mar 6, 2020Updated 6 years ago
- Python script to automatically create sigma rules from The hive observables☆25Mar 17, 2019Updated 6 years ago
- Various Modules & Scripts for use with Viper Framework☆27Aug 20, 2019Updated 6 years ago
- Yet another rule generator for Yara☆29Jun 6, 2025Updated 9 months ago
- Notes and IoCs of fresh malware☆62Jul 5, 2024Updated last year
- Ursnif beacon decryptor☆27Mar 20, 2023Updated 2 years ago
- .NET deobfuscator and unpacker (with a control flow unflattener for DoubleZero added).☆29Jun 14, 2022Updated 3 years ago
- 针对邮件协议POP3、SMTP、IMAP进行账户安全性测试☆26Mar 27, 2018Updated 7 years ago
- ssdeep cluster analysis for malware files☆31Jun 5, 2020Updated 5 years ago
- Various config files obtained during malware analysis☆67Oct 31, 2018Updated 7 years ago
- Serverless, real-time, ClamAV+Yara scanning for your S3 Buckets☆33Jan 14, 2026Updated last month
- Cobalt Strike (CS) Beacon Object File (BOF) foundation for kernel exploitation using CVE-2021-21551.☆30Jun 7, 2023Updated 2 years ago
- ☆30Jul 18, 2025Updated 7 months ago
- My scripts to deobfuscate APT32 malware☆27Apr 17, 2022Updated 3 years ago
- Gunslinger is used to hunt for Magecart sites using URLScan's API☆31Mar 15, 2022Updated 3 years ago