GitHub topics: indicators-of-compromise
desimic/Ronin-Forensics
ronin network attack - forensic analysis - osint investigation - crystal chain
Size: 4.88 KB - Last synced at: about 3 hours ago - Pushed at: about 4 hours ago - Stars: 0 - Forks: 0

PaloAltoNetworks/Unit42-timely-threat-intel
A collection of files with indicators supporting social media posts from Palo Alto Network's Unit 42 team to disseminate timely threat intelligence.
Size: 1.56 MB - Last synced at: about 9 hours ago - Pushed at: about 10 hours ago - Stars: 364 - Forks: 30

theouterspaced/ip-blocklist
Bad IPs that have recently attacked or phished my personal infrastructure.
Size: 59.6 KB - Last synced at: 5 days ago - Pushed at: 5 days ago - Stars: 0 - Forks: 0

drb-ra/C2IntelFeeds
Automatically created C2 Feeds
Language: REXX - Size: 9.69 GB - Last synced at: 5 days ago - Pushed at: 5 days ago - Stars: 639 - Forks: 54

InQuest/iocextract
Defanged Indicator of Compromise (IOC) Extractor.
Language: Python - Size: 777 KB - Last synced at: 2 days ago - Pushed at: about 1 year ago - Stars: 545 - Forks: 93

edoardottt/defango
URL / IP / Email defanging with Golang. Make IoC harmless.
Language: Go - Size: 37.1 KB - Last synced at: 11 days ago - Pushed at: 11 days ago - Stars: 19 - Forks: 0

ZanetaoBroos/LeakBaseCTI
LeakBaseCTI 🐙: OSINT investigative framework and backup of LeakBase leaks, stealer logs and user data with search, validation, export and CSV support.
Language: Python - Size: 2.2 MB - Last synced at: 12 days ago - Pushed at: 12 days ago - Stars: 1 - Forks: 0

ninoseki/fanger
An npm package to defang and refang IoC
Language: TypeScript - Size: 1.35 MB - Last synced at: 13 days ago - Pushed at: 13 days ago - Stars: 10 - Forks: 3

JGoyd/Threat-Intel-Apple-System-Spoofing-C2
Technical threat report detailing post-exploitation C2 activity on iOS using Apple system service spoofing, TLS 1.3 traffic, and reflective binary loading. Includes full analysis, logs, and behavioral indicators for investigation.
Size: 9.77 KB - Last synced at: 13 days ago - Pushed at: 14 days ago - Stars: 0 - Forks: 0

ninoseki/ioc-extractor
An npm package for extracting common IoC (Indicator of Compromise) from a block of text
Language: TypeScript - Size: 2.52 MB - Last synced at: 14 days ago - Pushed at: 14 days ago - Stars: 58 - Forks: 12

ioc-fang/ioc-fanger
Fang and defang indicators of compromise. You can test this project in a GUI here: http://ioc-fanger.hightower.space.
Language: Python - Size: 764 KB - Last synced at: 17 days ago - Pushed at: almost 2 years ago - Stars: 64 - Forks: 10

elliotwutingfeng/rstthreatsall
This repository consolidates all unique IOCs ever released at rstthreats. Updated at least once a day.
Language: Python - Size: 710 MB - Last synced at: 25 days ago - Pushed at: 25 days ago - Stars: 7 - Forks: 1

RussianPanda95/Malware
IOCs and notes related to malware
Language: Python - Size: 33.2 KB - Last synced at: 6 days ago - Pushed at: 2 months ago - Stars: 25 - Forks: 8

fhightower/ioc-finder
Simple, effective, and modular package for parsing observables (indicators of compromise (IOCs), network data, and other, security related information) from text. It uses grammars rather than regexes which makes it more readable, maintainable, and hackable. Explore our interactive documentation here: https://hightower.space/ioc-finder/
Language: Python - Size: 1.35 MB - Last synced at: 7 days ago - Pushed at: almost 2 years ago - Stars: 168 - Forks: 42

JuanVilla424/abuseipdb-ioc
AbuseIPDB IOC TAXII2 processor using a local database to mark irresponsible IP handlers that AbuseIPDB whitelists. REST API/STIX for ELK ingestion of custom Threat Intelligence (CTI).
Language: Python - Size: 340 KB - Last synced at: 7 days ago - Pushed at: 18 days ago - Stars: 1 - Forks: 0

frknaykc/Dragon-ThreatResearchHQ
A comprehensive repository for malware analysis and threat intelligence, including Cobalt Strike Beacon configurations, YARA rules, IOCs, Suricata rules, and malware samples to support cybersecurity efforts.
Language: YARA - Size: 462 KB - Last synced at: about 1 month ago - Pushed at: about 1 month ago - Stars: 9 - Forks: 1

maxxsyntax/probeprint2
Correlating Open Source Intelligence with Signals to devise unique identifiers
Language: Shell - Size: 3.67 MB - Last synced at: about 1 month ago - Pushed at: about 1 month ago - Stars: 2 - Forks: 0

frknaykc/Dragon-RansomwareResearchHQ
A resource containing all the data on each ransomware gang.
Size: 589 KB - Last synced at: about 2 months ago - Pushed at: about 2 months ago - Stars: 3 - Forks: 0

SOC-CyberART/CARTI-Feeds
Size: 232 KB - Last synced at: about 2 months ago - Pushed at: about 2 months ago - Stars: 10 - Forks: 0

CuriosidadesDeHackers/Telegram-Bot-para-Gestion-de-Indicadores-de-Compromiso-IOCs-y-CTI
This project is a Telegram bot that lets users add Indicators of Compromise (IOCs) to an AsciiDoc file (peticiones.adoc) and then upload it to a GitHub repository. The bot is designed to work in private chats and specific groups.
Language: JavaScript - Size: 2.23 MB - Last synced at: 2 months ago - Pushed at: 2 months ago - Stars: 0 - Forks: 0

InQuest/ThreatIngestor
Extract and aggregate threat intelligence.
Language: Python - Size: 1.65 MB - Last synced at: 2 months ago - Pushed at: over 1 year ago - Stars: 872 - Forks: 137

reversinglabs/reversinglabs-yara-rules
ReversingLabs YARA Rules
Language: YARA - Size: 572 KB - Last synced at: 2 months ago - Pushed at: 2 months ago - Stars: 825 - Forks: 110

assafmo/xioc
Extract indicators of compromise from text, including "escaped" ones.
Language: Go - Size: 64.5 KB - Last synced at: 23 days ago - Pushed at: over 5 years ago - Stars: 160 - Forks: 11

jon-brandy/HolmesGeo
A simple, modular tool for extracting and analyzing IP addresses from multiple sources.
Language: Python - Size: 5.9 MB - Last synced at: 3 months ago - Pushed at: 3 months ago - Stars: 0 - Forks: 1

emalderson/ThePhish
ThePhish: an automated phishing email analysis tool
Language: Python - Size: 4.45 MB - Last synced at: 4 months ago - Pushed at: about 1 year ago - Stars: 1,229 - Forks: 183

fox-it/cobaltstrike-beacon-data
Open Dataset of Cobalt Strike Beacon metadata (2018-2022)
Language: Jupyter Notebook - Size: 158 MB - Last synced at: 3 days ago - Pushed at: over 3 years ago - Stars: 125 - Forks: 28

Geekmaster-General/IOCs
Storage for the IOCs I collect
Size: 4.56 MB - Last synced at: 5 months ago - Pushed at: 5 months ago - Stars: 10 - Forks: 1

hrbrmstr/extractor
⛏macOS app to extract IoCs from PDFs, text files, HTML, URLs, and the pasteboard
Language: Swift - Size: 1.09 MB - Last synced at: 5 months ago - Pushed at: over 4 years ago - Stars: 6 - Forks: 1

alaynavendetta/FangShepherd
FangShepherd is a lightweight Python tool for extracting, defanging, and refanging IOCs (Indicators of Compromise) such as URLs, IPs, emails, and hashes (MD5, SHA1, SHA256). Ideal for threat intel and DFIR workflows, it supports both file input and manual paste, making it quick and versatile for security analysts.
Language: Python - Size: 6.84 KB - Last synced at: 6 months ago - Pushed at: 6 months ago - Stars: 0 - Forks: 0

vuldb/cyber_threat_intelligence
Cyber Threat Intelligence Data, Indicators, and Analysis
Size: 84 MB - Last synced at: 6 months ago - Pushed at: 9 months ago - Stars: 84 - Forks: 15

swisscom/detections 📦
Threat intelligence and threat detection indicators (IOC, IOA)
Language: YARA - Size: 1.47 MB - Last synced at: 4 months ago - Pushed at: almost 5 years ago - Stars: 52 - Forks: 10

arhadnane/MalwareFileAnalyzer
MalwareFileAnalyzer is a tool for analyzing files to detect indicators of compromise and anomalies. It supports analyzing PE (Portable Executable) and PDF files, as well as checking file hashes with VirusTotal.
Language: C# - Size: 14.6 KB - Last synced at: 6 months ago - Pushed at: 6 months ago - Stars: 0 - Forks: 0

gbikram/CTI-Automation-Platform
An automated Cyber Threat Intelligence (CTI) apparatus, implemented via a suite of Free & Open-source Software (FOSS)
Language: Python - Size: 94 MB - Last synced at: 5 months ago - Pushed at: over 1 year ago - Stars: 1 - Forks: 2

Lupovis/Prowl-API
Prowl is an API that allows you to send IP and in return obtain the reputation of the IP as well as indicators of attacks and indicators of compromise associated with the address. Lupovis monitors the web in real time and identifies malicious IP addresses for you.
Language: JavaScript - Size: 81.1 KB - Last synced at: 6 days ago - Pushed at: over 2 years ago - Stars: 8 - Forks: 1

securechicken/tinypeg
Provides Amnesty International's "Pegasus" domain IOCs transformation to a TinyCheck source format
Language: Shell - Size: 30.3 KB - Last synced at: 25 days ago - Pushed at: about 4 years ago - Stars: 9 - Forks: 1

grepstrength/RealGoVetter
Simple GUI tool to do reputation checks on bulk lists of IOCs by utilizing the VirusTotal API.
Language: Go - Size: 43 KB - Last synced at: 8 months ago - Pushed at: 8 months ago - Stars: 3 - Forks: 0

timosarkar/c3rb3rus
cerberus: world's largest and most versatile signature/behavioural malware scanner with ~100000 rules
Language: YARA - Size: 16.8 MB - Last synced at: 9 months ago - Pushed at: 9 months ago - Stars: 1 - Forks: 0

AutomateSecOps/Working-With-Tines-Resources
My ongoing journey with the Tines SOAR platform.
Size: 661 KB - Last synced at: 9 months ago - Pushed at: 9 months ago - Stars: 0 - Forks: 0

alphaSeclab/malware-ioc-hash
Collection of malware ioc hashes from blog posts. A Python script is provided to search through it.
Language: Python - Size: 5.63 MB - Last synced at: about 2 months ago - Pushed at: almost 5 years ago - Stars: 17 - Forks: 5

HappyStoic/iris
Iris - P2P System for Confidential Sharing of Threat Intelligence and Collaborative Defense for Slips
Language: Go - Size: 1.28 MB - Last synced at: 1 day ago - Pushed at: about 1 year ago - Stars: 9 - Forks: 5

DrPwner/FortiFox
FortiEDR Threat Intelligence Database. ThreatFox Threat Intelligence Database Integration with FortiEDR
Language: Python - Size: 48.8 KB - Last synced at: about 1 year ago - Pushed at: about 1 year ago - Stars: 1 - Forks: 0

MishcondeReya/Covid-19-CTI
A collection of Covid-19 related threat intelligence and resources.
Size: 169 KB - Last synced at: 3 months ago - Pushed at: about 5 years ago - Stars: 19 - Forks: 8

cyb3rmik3/Hunting-Lists
A repository of curated lists with elements such as IoCs to use for threat hunting & detection queries.
Size: 51.8 KB - Last synced at: about 1 year ago - Pushed at: about 1 year ago - Stars: 28 - Forks: 6

kamakala/ip-reputation-scanner
Relieving the manual task of checking the IP reputation
Language: Python - Size: 23.4 KB - Last synced at: about 1 year ago - Pushed at: about 1 year ago - Stars: 3 - Forks: 0

databricks-industry-solutions/ioc-matching
IOC matching for incident responders, threat hunters, detection engineers, and security engineers.
Language: Python - Size: 144 KB - Last synced at: over 1 year ago - Pushed at: over 1 year ago - Stars: 10 - Forks: 5

hm-seclab/YAFRA
YAFRA is a semi-automated framework for analyzing and representing reports about IT Security incidents.
Language: Python - Size: 1.26 MB - Last synced at: 1 day ago - Pushed at: over 3 years ago - Stars: 27 - Forks: 5

AlexLinov/IOC-Generator
IOC Generator for Microsoft Defender for Endpoints
Language: Python - Size: 4.88 KB - Last synced at: over 1 year ago - Pushed at: over 1 year ago - Stars: 0 - Forks: 0

rstcloud/rstthreats
Aggregated Indicators of Compromise collected and cross-verified from multiple open and community-supported sources, enriched and ranked using our intelligence platform for you. Threat Intelligence, Threat feed, Open source feed.
Language: HTML - Size: 2.95 GB - Last synced at: over 1 year ago - Pushed at: over 1 year ago - Stars: 32 - Forks: 8

sreeves0/IoCs
This repository will contain all the IoCs for the SecOps team to use in Microsoft Sentinel.
Size: 6.84 KB - Last synced at: over 1 year ago - Pushed at: over 1 year ago - Stars: 1 - Forks: 0

UncleSocks/win-netstat-ioc-address-checker 📦
A basic IP address IOC checker for Windows using Netstat and Wordlists, written in Python3.
Language: Python - Size: 95.7 KB - Last synced at: over 1 year ago - Pushed at: over 1 year ago - Stars: 1 - Forks: 0

cfalta/ioctool
Rex-ing indicators out of unstructured text (like an e-mail)
Language: PowerShell - Size: 1000 Bytes - Last synced at: over 1 year ago - Pushed at: over 1 year ago - Stars: 0 - Forks: 0

atakanaydinbas/gofangdefang
GoFangDefang is a Go library for secure manipulation of Indicators of Compromise (IOCs), converting them between their original "fang" format (with special characters) and a safer "defang" format. It prevents accidental execution of potentially malicious IOCs like URLs, IPs, domains, or subdomains.
Language: Go - Size: 26.4 KB - Last synced at: over 1 year ago - Pushed at: over 1 year ago - Stars: 8 - Forks: 1

wesinator/indicator-deprecation-calculator
Web app to calculate "indicators of compromise" confidence deprecation timelines (used with threat intel platforms such as ThreatConnect).
Language: HTML - Size: 6.84 KB - Last synced at: over 1 year ago - Pushed at: about 5 years ago - Stars: 1 - Forks: 1

Deilis/IOC-validator-deivscan
IOC validation with Python
Language: Python - Size: 58.6 KB - Last synced at: almost 2 years ago - Pushed at: almost 2 years ago - Stars: 0 - Forks: 0

azazelm3dj3d/vsioc
VSIOC is a real-time Visual Studio Code extension for extracting IOCs from the active open editor
Language: TypeScript - Size: 1.14 MB - Last synced at: over 1 year ago - Pushed at: over 1 year ago - Stars: 0 - Forks: 0

halilozturkci/APT38-Lazarus-Threat-Analysis-Report-from-ADEO
ADEO APT38 Lazarus Threat Analysis Report
Size: 2.61 MB - Last synced at: almost 2 years ago - Pushed at: over 5 years ago - Stars: 3 - Forks: 1

levlesec/cellebrite-ioc
An IOC collection for the Cellebrite UFED forensic toolkit.
Size: 21.5 KB - Last synced at: almost 2 years ago - Pushed at: over 4 years ago - Stars: 13 - Forks: 4

IRB0T/IOC
Our objective is to update the indicators-of-compromise based on published reports for Zero-Day Vulnerability and Ransomware groups
Size: 93.8 KB - Last synced at: almost 2 years ago - Pushed at: almost 2 years ago - Stars: 2 - Forks: 0

401trg/detections
This repository contains all public indicators identified by 401trg during the course of our investigations. It also includes relevant yara rules and ids signatures to detect these indicators.
Language: Python - Size: 4.37 MB - Last synced at: almost 2 years ago - Pushed at: over 4 years ago - Stars: 120 - Forks: 19

jefnilham/IOC-Extractor
Chrome extension that extracts possible IOCs from online reports.
Language: JavaScript - Size: 38.1 KB - Last synced at: almost 2 years ago - Pushed at: almost 2 years ago - Stars: 0 - Forks: 0

codexlynx/iocs
Threat Intelligence & Indicators of Compromise repository.
Language: YARA - Size: 7.81 KB - Last synced at: 6 months ago - Pushed at: over 3 years ago - Stars: 2 - Forks: 0

OllieJC/no-direct-ip
Browser extension to block directly entered, external or public IP v4 and v6 addresses
Language: JavaScript - Size: 1.58 MB - Last synced at: 7 days ago - Pushed at: over 2 years ago - Stars: 1 - Forks: 1

Lyc4on/EvtXHunt
EvtXHunt is an Autopsy plugin that is able to analyze Windows EVTX logs against a library of SIGMA rules.
Language: Python - Size: 191 MB - Last synced at: about 2 years ago - Pushed at: almost 4 years ago - Stars: 14 - Forks: 1

IronNetCybersecurity/IronNetTR
Threat research and reporting from IronNet's Threat Research Teams
Language: Jupyter Notebook - Size: 73.1 MB - Last synced at: about 2 years ago - Pushed at: about 2 years ago - Stars: 41 - Forks: 5

rs-develop/ForIocCrawler
A forensic ioc crawler and parser.
Language: Python - Size: 114 KB - Last synced at: 13 days ago - Pushed at: almost 3 years ago - Stars: 5 - Forks: 2

Xorlent/Falcon-IOC
Crowdstrike Falcon® custom IOC management tool
Size: 26.4 KB - Last synced at: over 2 years ago - Pushed at: over 2 years ago - Stars: 0 - Forks: 0

martinkubecka/C2Detective
:mag: Application for detecting command and control (C2) communication through network traffic analysis.
Language: Python - Size: 694 KB - Last synced at: over 2 years ago - Pushed at: over 2 years ago - Stars: 2 - Forks: 0

gnxsecurity/gnx-threat-intelligence
A commercial-grade threat intelligence feed that's validated and updated every half hour.
Language: SuperCollider - Size: 627 MB - Last synced at: over 2 years ago - Pushed at: over 2 years ago - Stars: 19 - Forks: 3

wizardy0ga/Pyramid-Of-Pain
An overview of the Pyramid of Pain, a pyramid model that represents a scaling level of impact to threat actor operations when an indicator is successfully responded to at its assigned level.
Size: 19.5 KB - Last synced at: over 2 years ago - Pushed at: over 2 years ago - Stars: 0 - Forks: 0

martinkubecka/mailo
:mailbox_with_mail: Process EML and MSG file types and extract various Indicators of Compromise.
Language: Python - Size: 39.1 KB - Last synced at: over 2 years ago - Pushed at: over 2 years ago - Stars: 0 - Forks: 0

subhayuroy/ComputationalForensics
🚨Computational Forensics is an emerging research🔎 domain. It deals with 🕵️♀️solving forensic problems🚔 using digital methods👨💻. It uses computational science to study digital evidence.
Language: Python - Size: 422 KB - Last synced at: over 2 years ago - Pushed at: almost 4 years ago - Stars: 2 - Forks: 2

cyberpasta/loki-scan-manager
Manage loki scans over a large network.
Language: PowerShell - Size: 104 KB - Last synced at: over 2 years ago - Pushed at: over 4 years ago - Stars: 3 - Forks: 0

wickywanka/IOC-Scraping
Language: Python - Size: 29.3 KB - Last synced at: over 2 years ago - Pushed at: about 3 years ago - Stars: 0 - Forks: 0

silascutler/IntelDB
Minimal Indicator Storage System
Language: Python - Size: 177 KB - Last synced at: over 2 years ago - Pushed at: over 4 years ago - Stars: 11 - Forks: 2

tcbutler320/CVE-2021-3441-check
CVE-2021-3441 CVE Check is a Python script to search targets for indicators of compromise related to CVE-2021-3441
Language: Python - Size: 15.2 MB - Last synced at: over 2 years ago - Pushed at: about 4 years ago - Stars: 2 - Forks: 0
