indicators-of-compromise

There are 10 repositories under indicators-of-compromise topic.

• ThePhish

  emalderson / ThePhish

  ThePhish: an automated phishing email analysis tool

  emaildetectionmalwarephishingcybersecuritymispthehivethehive4thehive4pyindicators-of-compromisecyberdefensephishing-detectionpythonincident-responsefreedigital-forensicsthreat-intelligencewebappattackscript
  Language:Python 1052

• InQuest / ThreatIngestor

  Extract and aggregate threat intelligence.

  iocindicators-of-compromisethreatintelthreat-intelligenceosintdfirmalware-researchsecurity-toolsthreat-sharingthreat-feedsthreat-huntingmispfraud-detectionthreat-analysisintelligence-gatheringthreat-intelligence-platformyarasoar
  Language:Python 790
• reversinglabs-yara-rules

  reversinglabs / reversinglabs-yara-rules

  ReversingLabs YARA Rules

  reverse-engineeringyara-rulesyara-signaturesransomware-detectionransomware-preventionmalware-detectionindicators-of-compromiseyara
  Language:YARA 701

• InQuest / iocextract

  Defanged Indicator of Compromise (IOC) Extractor.

  iocindicators-of-compromiselibraryioc-extractordefangthreat-intelligencethreat-sharingthreatintelmalware-researchosintdfirbase64decodingyara
  Language:Python 488

• drb-ra / C2IntelFeeds

  Automatically created C2 Feeds

  iocsindicators-of-compromisethreat-intelligencethreatintelthreat-huntingposhc2metasploitempirecobaltstrikecobalt-strike
  Language:REXX 444

• assafmo / xioc

  Extract indicators of compromise from text, including "escaped" ones.

  iociocsextractextractiontext-miningtext-processingindicators-of-compromisecommand-line-toolcommand-linedefangescapingregexregexpdata-mining
  Language:Go 161

• fhightower / ioc-finder

  Simple, effective, and modular package for parsing observables (indicators of compromise (IOCs), network data, and other, security related information) from text. It uses grammars rather than regexes which makes it more readable, maintainable, and hackable. Explore our interactive documentation here: https://hightower.space/ioc-finder/

  indicators-of-compromisethreat-intelligencethreat-huntingthreat-sharinggrammar-parserthreatintelcidr-rangeipv4iocsioc-finderobservablenetwork-datacidr-rangesparse-urlsgrammarsmalware-researchmalware-analysishacktoberfest
  Language:Python 151

• PaloAltoNetworks / Unit42-timely-threat-intel

  A collection of files with indicators supporting social media posts from Palo Alto Network's Unit 42 team to disseminate timely threat intelligence.

  hubindicators-of-compromisethreat-intelligence
  122

• 401trg / detections

  This repository contains all public indicators identified by 401trg during the course of our investigations. It also includes relevant yara rules and ids signatures to detect these indicators.

  401trgprotectwiseiocindicatorsindicators-of-compromisethreat-huntingthreat-analysisverizon
  Language:Python 121

• fox-it / cobaltstrike-beacon-data

  Open Dataset of Cobalt Strike Beacon metadata (2018-2022)

  pythonjsonpandasjupyterjupyter-notebookdatasetcobaltstrikebeaconthreat-intelligenceresearchiocsindicators-of-compromise
  Language:Jupyter Notebook 117

• vuldb / cyber_threat_intelligence

  Cyber Threat Intelligence Data, Indicators, and Analysis

  cyber-threat-intelligencecyber-threatsctiiocindicator-of-compromisemalwareexploitioaindicators-of-compromisethreat-intelligence
  66

• ioc-fang / ioc-fanger

  Fang and defang indicators of compromise. You can test this project in a GUI here: http://ioc-fanger.hightower.space .

  threatintelthreat-sharingiocdefangfangiocsindicatorsindicators-of-compromisemalwaremalware-researchhacktoberfest
  Language:Python 52

• ninoseki / ioc-extractor

  An npm package for extracting common IoC (Indicator of Compromise) from a block of text

  threat-intelligenceindicators-of-compromise
  Language:TypeScript 51

• swisscom / detections

  Threat intelligence and threat detection indicators (IOC, IOA)

  detectionindicatorsindicators-of-compromisethreat-detection
  Language:YARA 51

• rstcloud / rstthreats

  Aggregated Indicators of Compromise collected and cross-verified from multiple open and community-supported sources, enriched and ranked using our intelligence platform for you. Threat Intelligence, Threat feed, Open source feed.

  threat-intelligencethreatintelindicators-of-compromisecybersecurity
  Language:HTML 33

• cyb3rmik3 / Hunting-Lists

  A repository of curated lists with elements such as IoCs to use for threat hunting & detection queries.

  indicators-of-compromiseiociocstldtldskeywordkeyword-spottingkeywords
  27

• hm-seclab / YAFRA

  YAFRA is a semi-automated framework for analyzing and representing reports about IT Security incidents.

  iocincident-responsecybersecuritythreatintelthreat-intelligencethreat-huntingindicatorsindicators-of-compromiseioacyber-threat-intelligencecyberthreatintelligencecyber-threatscyber-threat-analystintelligencethreat-intelmalware-researchmispgitgitlabgithub
  Language:Python 27

• MishcondeReya / Covid-19-CTI

  A collection of Covid-19 related threat intelligence and resources.

  coronavirus-phishingthreat-intelligencecyber-securitycoronavirus-scamscovid-19cyber-threat-intelligenceindicators-of-compromisecybersecurity-reportsthreatintelinfosec
  20

• gnxsecurity / gnx-threat-intelligence

  A commercial grade threat intelligence feed thats validated and updated every half hour.

  threat-intelligencethreat-sharingindicators-of-compromiseblacklistblocklistmalicious-traffic
  Language:SuperCollider 18

• levlesec / cellebrite-ioc

  An IOC collection for the Cellebrite UFED forensic toolkit.

  antiforensicsmalwareindicators-of-compromise
  18

• alphaSeclab / malware-ioc-hash

  Collection of malware ioc hashes from blog posts. A Python script is provided to search through it.

  indicators-of-compromisemalwaremalware-ioc
  Language:Python 16

• Lyc4on / EvtXHunt

  EvtXHunt is an Autopsy plugin that is able to analyze Windows EVTX logs against a library of SIGMA rules.

  evtxindicators-of-compromiseautopsydigital-forensicssigmacybersecurity
  Language:Python 15

• silascutler / IntelDB

  Minimal Indicator Storage System

  malwaremalware-analysisindicators-of-compromise
  Language:Python 11

• ninoseki / fanger

  An npm package to defang and refang IoC

  indicators-of-compromise
  Language:TypeScript 10

• databricks-industry-solutions / ioc-matching

  IOC matching for incident responders, threat hunters, detection engineers, and security engineers.

  cybersecuritydatabricks-industry-solutionsdltindicators-of-compromisethreat-huntingdetection-eforensicsincident-response
  Language:Python 9

• edoardottt / defango

  URL / IP / Email defanging with Golang. Make IoC harmless.

  defangdefangingdefensedefensive-securitygogolanggolang-modulegolang-packageindicators-of-compromiseiocmalwaremalware-analysismalware-protectionmalware-researchsecurityphishingphishing-protectionemail-securityweb-securitywebsecurity
  Language:Go 9

• atakanaydinbas / gofangdefang

  GoFangDefang is a Go library for secure manipulation of Indicators of Compromise (IOCs), converting them between their original "fang" format (with special characters) and a safer "defang" format. It prevents accidental execution of potentially malicious IOCs like URLs, IPs, domains, or subdomains.

  iocmalicioussecurity-toolsdefangfangindicators-of-compromisemalwaremalware-research
  Language:Go 8

• HappyStoic / iris

  Iris - P2P System for Confidential Sharing of Threat Intelligence and Collaborative Defense for Slips

  idnipslibp2pp2pp2p-networkslipsthreat-intelligencecollaborative-defensedistributedgogolangindicators-of-compromiseipfspeer-to-peer
  Language:Go 8

• hrbrmstr / extractor

  ⛏macOS app to extract IoCs from PDFs, text files, HTML, URLs, and the pasteboard

  iocindicators-of-compromisemacos-appmacosswift
  Language:Swift 7

• Lupovis / Prowl-API

  Prowl is an API that allows you to send IP and in return obtain the reputation of the IP as well as indicators of attacks and indicators of compromise associated with the address. Lupovis monitors the web in real time and identifies malicious IP addresses for you.

  cybersecuritygeolocationindicators-of-compromiseinfosecip-lookupip-lookup-apiip-reputationip-reputation-checkernodejsosintreconnaissancesecuritysecurity-toolsindicators-of-attackanti-botanti-spamantispamip-blacklistip-blocklistipscore
  Language:JavaScript 7

• martinkubecka / C2Detective

  :mag: Application for detecting command and control (C2) communication through network traffic analysis.

  blueteamcommand-and-controlnetwork-analysissecurityc2dga-detectionja3statistical-analysisenrichmentindicators-of-compromiseiocs
  Language:Python 7

• securechicken / tinypeg

  Provides Amnesty International's "Pegasus" domain IOCs transformation to a TinyCheck source format

  indicators-of-compromiseiocpegasusnsotinycheck
  Language:Shell 6

• elliotwutingfeng / rstthreatsall

  This repository consolidates all unique IOCs ever released at rstthreats. Updated at least once a day.

  cybersecurityhacktoberfestindicators-of-compromiseiocmaliciousmalwareosintthreat-intelthreat-intelligence
  Language:Python 5

• Geekmaster-General / IOCs

  Storage for the IOCs I collect

  indicators-of-compromiseadvanced-persistent-threat-dataransomware-resourcesthreat-huntingthreat-intelligencemalware-resourcesphishing-sites
  5

• rs-develop / ForIocCrawler

  A forensic ioc crawler and parser.

  forensicsiocparsercrawleritsecincident-responsemultiprocessingwhitelistingcsvextractorioc-extractormount-pointsregexregular-expressionindicators-of-compromise
  Language:Python 5

• halilozturkci / APT38-Lazarus-Threat-Analysis-Report-from-ADEO

  ADEO APT38 Lazarus Threat Analysis Report

  adeoadvanced-persistent-threatadvanced-persistent-threat-dataaptattacksindicators-of-compromiselazarusmitre-attackturkey
  4