Ecosyste.ms: Repos

An open API service providing repository metadata for many open source software ecosystems.

GitHub topics: indicators-of-compromise

databricks-industry-solutions/ioc-matching

IOC matching for incident responders, threat hunters, detection engineers, and security engineers.

Language: Python - Size: 144 KB - Last synced: 6 days ago - Pushed: 7 days ago - Stars: 10 - Forks: 5

PaloAltoNetworks/Unit42-timely-threat-intel

A collection of files with indicators supporting social media posts from Palo Alto Network's Unit 42 team to disseminate timely threat intelligence.

Size: 760 KB - Last synced: 12 days ago - Pushed: 12 days ago - Stars: 124 - Forks: 5

InQuest/ThreatIngestor

Extract and aggregate threat intelligence.

Language: Python - Size: 1.65 MB - Last synced: 12 days ago - Pushed: 4 months ago - Stars: 790 - Forks: 132

reversinglabs/reversinglabs-yara-rules

ReversingLabs YARA Rules

Language: YARA - Size: 504 KB - Last synced: 12 days ago - Pushed: 13 days ago - Stars: 703 - Forks: 102

ninoseki/ioc-extractor

An npm package for extracting common IoC (Indicator of Compromise) from a block of text

Language: TypeScript - Size: 2.17 MB - Last synced: 13 days ago - Pushed: 17 days ago - Stars: 51 - Forks: 12

AlexLinov/IOC-Generator

IOC Generator for Microsoft Defender for Endpoints

Language: Python - Size: 4.88 KB - Last synced: 21 days ago - Pushed: 21 days ago - Stars: 0 - Forks: 0

InQuest/iocextract

Defanged Indicator of Compromise (IOC) Extractor.

Language: Python - Size: 825 KB - Last synced: about 2 months ago - Pushed: 6 months ago - Stars: 485 - Forks: 88

emalderson/ThePhish

ThePhish: an automated phishing email analysis tool

Language: Python - Size: 4.54 MB - Last synced: about 2 months ago - Pushed: over 1 year ago - Stars: 1,038 - Forks: 168

elliotwutingfeng/rstthreatsall

This repository consolidates all unique IOCs ever released at rstthreats. Updated at least once a day.

Language: Python - Size: 587 MB - Last synced: about 2 months ago - Pushed: about 2 months ago - Stars: 5 - Forks: 2

rstcloud/rstthreats

Aggregated Indicators of Compromise collected and cross-verified from multiple open and community-supported sources, enriched and ranked using our intelligence platform for you. Threat Intelligence, Threat feed, Open source feed.

Language: HTML - Size: 2.95 GB - Last synced: about 2 months ago - Pushed: about 2 months ago - Stars: 32 - Forks: 8

drb-ra/C2IntelFeeds

Automatically created C2 Feeds

Language: REXX - Size: 2.77 GB - Last synced: about 2 months ago - Pushed: about 2 months ago - Stars: 432 - Forks: 41

fhightower/ioc-finder

Simple, effective, and modular package for parsing observables (indicators of compromise (IOCs), network data, and other security-related information) from text. It uses grammars rather than regexes, which makes it more readable, maintainable, and hackable. Explore our interactive documentation here: https://hightower.space/ioc-finder/

Language: Python - Size: 1.35 MB - Last synced: 14 days ago - Pushed: 7 months ago - Stars: 151 - Forks: 38

vuldb/cyber_threat_intelligence

Cyber Threat Intelligence Data, Indicators, and Analysis

Size: 58 MB - Last synced: 2 months ago - Pushed: 2 months ago - Stars: 64 - Forks: 14

sreeves0/IoCs

This repository will contain all the IoCs for the SecOps team to use in Microsoft Sentinel.

Size: 6.84 KB - Last synced: 2 months ago - Pushed: 2 months ago - Stars: 1 - Forks: 0

UncleSocks/win-netstat-ioc-address-checker 📦

A basic IP address IOC checker for Windows using Netstat and Wordlists, written in Python3.

Language: Python - Size: 95.7 KB - Last synced: 2 months ago - Pushed: 2 months ago - Stars: 1 - Forks: 0

Lupovis/Prowl-API

Prowl is an API that allows you to send an IP and in return obtain the reputation of the IP as well as indicators of attack and indicators of compromise associated with the address. Lupovis monitors the web in real time and identifies malicious IP addresses for you.

Language: JavaScript - Size: 81.1 KB - Last synced: 2 months ago - Pushed: over 1 year ago - Stars: 7 - Forks: 0

edoardottt/defango

URL / IP / Email defanging with Golang. Make IoC harmless.

Language: Go - Size: 24.4 KB - Last synced: 3 months ago - Pushed: 3 months ago - Stars: 9 - Forks: 0

gbikram/CTI-Automation-Platform

An automated Cyber Threat Intelligence (CTI) apparatus, implemented via a suite of Free & Open-source Software (FOSS)

Language: Python - Size: 94 MB - Last synced: 3 months ago - Pushed: 3 months ago - Stars: 0 - Forks: 0

cyb3rmik3/Hunting-Lists

A repository of curated lists with elements such as IoCs to use for threat hunting & detection queries.

Size: 39.1 KB - Last synced: about 2 months ago - Pushed: about 2 months ago - Stars: 25 - Forks: 2

swisscom/detections 📦

Threat intelligence and threat detection indicators (IOC, IOA)

Language: YARA - Size: 1.47 MB - Last synced: 3 months ago - Pushed: over 3 years ago - Stars: 51 - Forks: 11

hm-seclab/YAFRA

YAFRA is a semi-automated framework for analyzing and representing reports about IT Security incidents.

Language: Python - Size: 1.26 MB - Last synced: about 2 months ago - Pushed: over 2 years ago - Stars: 26 - Forks: 4

cfalta/ioctool

Rex-ing indicators out of unstructured text (like an e-mail)

Language: PowerShell - Size: 1000 Bytes - Last synced: 4 months ago - Pushed: 4 months ago - Stars: 0 - Forks: 0

Geekmaster-General/IOCs

Storage for the IOCs I collect

Size: 4.43 MB - Last synced: 2 months ago - Pushed: 2 months ago - Stars: 5 - Forks: 0

atakanaydinbas/gofangdefang

GoFangDefang is a Go library for secure manipulation of Indicators of Compromise (IOCs), converting them between their original "fang" format (with special characters) and a safer "defang" format. It prevents accidental execution of potentially malicious IOCs like URLs, IPs, domains, or subdomains.

Language: Go - Size: 26.4 KB - Last synced: 5 months ago - Pushed: 5 months ago - Stars: 8 - Forks: 1

wesinator/indicator-deprecation-calculator

Web app to calculate "indicators of compromise" confidence deprecation timelines (used with threat intel platforms such as ThreatConnect).

Language: HTML - Size: 6.84 KB - Last synced: about 1 month ago - Pushed: almost 4 years ago - Stars: 1 - Forks: 1

alphaSeclab/malware-ioc-hash

Collection of malware ioc hashes from blog posts. A Python script is provided to search through it.

Language: Python - Size: 5.63 MB - Last synced: about 1 month ago - Pushed: over 3 years ago - Stars: 16 - Forks: 4

Deilis/IOC-validator-deivscan

IOC validation with Python

Language: Python - Size: 58.6 KB - Last synced: 6 months ago - Pushed: 6 months ago - Stars: 0 - Forks: 0

assafmo/xioc

Extract indicators of compromise from text, including "escaped" ones.

Language: Go - Size: 64.5 KB - Last synced: about 2 months ago - Pushed: about 4 years ago - Stars: 162 - Forks: 13

ioc-fang/ioc-fanger

Fang and defang indicators of compromise. You can test this project in a GUI here: http://ioc-fanger.hightower.space .

Language: Python - Size: 764 KB - Last synced: about 1 month ago - Pushed: 8 months ago - Stars: 52 - Forks: 11

azazelm3dj3d/vsioc

VSIOC is a real-time Visual Studio Code extension for extracting IOCs from the active open editor

Language: TypeScript - Size: 1.14 MB - Last synced: 5 months ago - Pushed: 5 months ago - Stars: 0 - Forks: 0

fox-it/cobaltstrike-beacon-data

Open Dataset of Cobalt Strike Beacon metadata (2018-2022)

Language: Jupyter Notebook - Size: 158 MB - Last synced: 7 months ago - Pushed: about 2 years ago - Stars: 113 - Forks: 25

halilozturkci/APT38-Lazarus-Threat-Analysis-Report-from-ADEO

ADEO APT38 Lazarus Threat Analysis Report

Size: 2.61 MB - Last synced: 8 months ago - Pushed: about 4 years ago - Stars: 3 - Forks: 1

levlesec/cellebrite-ioc

An IOC collection for the Cellebrite UFED forensic toolkit.

Size: 21.5 KB - Last synced: 8 months ago - Pushed: over 3 years ago - Stars: 13 - Forks: 4

IRB0T/IOC

Our objective is to update the indicators-of-compromise based on published reports for Zero-Day Vulnerability and Ransomware groups

Size: 93.8 KB - Last synced: 8 months ago - Pushed: 8 months ago - Stars: 2 - Forks: 0

401trg/detections

This repository contains all public indicators identified by 401trg during the course of our investigations. It also includes relevant yara rules and ids signatures to detect these indicators.

Language: Python - Size: 4.37 MB - Last synced: 7 months ago - Pushed: about 3 years ago - Stars: 120 - Forks: 19

jefnilham/IOC-Extractor

Chrome extension that extracts possible IOCs from online reports.

Language: JavaScript - Size: 38.1 KB - Last synced: 6 months ago - Pushed: 6 months ago - Stars: 0 - Forks: 0

Lyc4on/EvtXHunt

EvtXHunt is an Autopsy plugin that is able to analyze Windows EVTX logs against a library of SIGMA rules.

Language: Python - Size: 191 MB - Last synced: 9 months ago - Pushed: over 2 years ago - Stars: 14 - Forks: 1

IronNetCybersecurity/IronNetTR

Threat research and reporting from IronNet's Threat Research Teams

Language: Jupyter Notebook - Size: 73.1 MB - Last synced: 10 months ago - Pushed: 10 months ago - Stars: 41 - Forks: 5

rs-develop/ForIocCrawler

A forensic ioc crawler and parser.

Language: Python - Size: 114 KB - Last synced: 2 days ago - Pushed: over 1 year ago - Stars: 5 - Forks: 2

Xorlent/Falcon-IOC

Crowdstrike Falcon® custom IOC management tool

Size: 26.4 KB - Last synced: about 1 year ago - Pushed: about 1 year ago - Stars: 0 - Forks: 0

martinkubecka/C2Detective

:mag: Application for detecting command and control (C2) communication through network traffic analysis.

Language: Python - Size: 694 KB - Last synced: about 1 year ago - Pushed: about 1 year ago - Stars: 2 - Forks: 0

HappyStoic/iris

Iris - P2P System for Confidential Sharing of Threat Intelligence and Collaborative Defense for Slips

Language: Go - Size: 1.28 MB - Last synced: 2 months ago - Pushed: 2 months ago - Stars: 8 - Forks: 1

gnxsecurity/gnx-threat-intelligence

A commercial-grade threat intelligence feed that's validated and updated every half hour.

Language: SuperCollider - Size: 627 MB - Last synced: about 1 year ago - Pushed: about 1 year ago - Stars: 19 - Forks: 3

securechicken/tinypeg

Provides Amnesty International's "Pegasus" domain IOCs transformation to a TinyCheck source format

Language: Shell - Size: 30.3 KB - Last synced: 12 months ago - Pushed: almost 3 years ago - Stars: 5 - Forks: 0

wizardy0ga/Pyramid-Of-Pain

An overview of the Pyramid of Pain, a pyramid model that represents a scaling level of impact to threat actor operations when an indicator is successfully responded to at its assigned level.

Size: 19.5 KB - Last synced: about 1 year ago - Pushed: over 1 year ago - Stars: 0 - Forks: 0

martinkubecka/mailo

:mailbox_with_mail: Process EML and MSG file types and extract various Indicators of Compromise.

Language: Python - Size: 39.1 KB - Last synced: about 1 year ago - Pushed: about 1 year ago - Stars: 0 - Forks: 0

subhayuroy/ComputationalForensics

🚨Computational Forensics is an emerging research🔎 domain. It deals with 🕵️‍♀️solving forensic problems🚔 using digital methods👨‍💻. It uses computational science to study digital evidence.

Language: Python - Size: 422 KB - Last synced: about 1 year ago - Pushed: over 2 years ago - Stars: 2 - Forks: 2

ninoseki/fanger

An npm package to defang and refang IoC

Language: TypeScript - Size: 1.31 MB - Last synced: 24 days ago - Pushed: about 1 year ago - Stars: 10 - Forks: 3

cyberpasta/loki-scan-manager

Manage loki scans over a large network.

Language: PowerShell - Size: 104 KB - Last synced: over 1 year ago - Pushed: over 3 years ago - Stars: 3 - Forks: 0

hrbrmstr/extractor

⛏macOS app to extract IoCs from PDFs, text files, HTML, URLs, and the pasteboard

Language: Swift - Size: 1.09 MB - Last synced: about 1 year ago - Pushed: about 3 years ago - Stars: 6 - Forks: 1

wickywanka/IOC-Scraping

Language: Python - Size: 29.3 KB - Last synced: about 1 year ago - Pushed: almost 2 years ago - Stars: 0 - Forks: 0

silascutler/IntelDB

Minimal Indicator Storage System

Language: Python - Size: 177 KB - Last synced: about 1 year ago - Pushed: over 3 years ago - Stars: 11 - Forks: 2

OllieJC/no-direct-ip

Browser extension to block directly entered, external or public IP v4 and v6 addresses

Language: JavaScript - Size: 1.58 MB - Last synced: about 1 year ago - Pushed: over 1 year ago - Stars: 1 - Forks: 0

codexlynx/iocs

Threat Intelligence & Indicators of Compromise repository.

Language: YARA - Size: 7.81 KB - Last synced: over 1 year ago - Pushed: about 2 years ago - Stars: 0 - Forks: 0

tcbutler320/CVE-2021-3441-check

CVE-2021-3441 CVE Check is a python script to search targets for indicators of compromise to CVE-2021-3441

Language: Python - Size: 15.2 MB - Last synced: about 1 year ago - Pushed: almost 3 years ago - Stars: 2 - Forks: 0