indicators-of-compromise

There are 12 repositories under indicators-of-compromise topic.

• ThePhish

  emalderson / ThePhish

  ThePhish: an automated phishing email analysis tool

  attackcyberdefensecybersecuritydetectiondigital-forensicsemailfreeincident-responseindicators-of-compromisemalwaremispphishingphishing-detectionpythonscriptthehivethehive4thehive4pythreat-intelligencewebapp
  Language:Python 1120

• InQuest / ThreatIngestor

  Extract and aggregate threat intelligence.

  iocindicators-of-compromisethreatintelthreat-intelligenceosintdfirmalware-researchsecurity-toolsthreat-sharingthreat-feedsthreat-huntingmispfraud-detectionthreat-analysisintelligence-gatheringthreat-intelligence-platformyarasoar
  Language:Python 821
• reversinglabs-yara-rules

  reversinglabs / reversinglabs-yara-rules

  ReversingLabs YARA Rules

  reverse-engineeringyara-rulesyara-signaturesransomware-detectionransomware-preventionmalware-detectionindicators-of-compromiseyara
  Language:YARA 744

• drb-ra / C2IntelFeeds

  Automatically created C2 Feeds

  iocsindicators-of-compromisethreat-intelligencethreatintelthreat-huntingposhc2metasploitempirecobaltstrikecobalt-strike
  Language:REXX 509

• InQuest / iocextract

  Defanged Indicator of Compromise (IOC) Extractor.

  iocindicators-of-compromiselibraryioc-extractordefangthreat-intelligencethreat-sharingthreatintelmalware-researchosintdfirbase64decodingyara
  Language:Python 497

• PaloAltoNetworks / Unit42-timely-threat-intel

  A collection of files with indicators supporting social media posts from Palo Alto Network's Unit 42 team to disseminate timely threat intelligence.

  hubindicators-of-compromisethreat-intelligence
  170

• assafmo / xioc

  Extract indicators of compromise from text, including "escaped" ones.

  iociocsextractextractiontext-miningtext-processingindicators-of-compromisecommand-line-toolcommand-linedefangescapingregexregexpdata-mining
  Language:Go 161

• fhightower / ioc-finder

  Simple, effective, and modular package for parsing observables (indicators of compromise (IOCs), network data, and other, security related information) from text. It uses grammars rather than regexes which makes it more readable, maintainable, and hackable. Explore our interactive documentation here: https://hightower.space/ioc-finder/

  indicators-of-compromisethreat-intelligencethreat-huntingthreat-sharinggrammar-parserthreatintelcidr-rangeipv4iocsioc-finderobservablenetwork-datacidr-rangesparse-urlsgrammarsmalware-researchmalware-analysishacktoberfest
  Language:Python 157

• fox-it / cobaltstrike-beacon-data

  Open Dataset of Cobalt Strike Beacon metadata (2018-2022)

  pythonjsonpandasjupyterjupyter-notebookdatasetcobaltstrikebeaconthreat-intelligenceresearchiocsindicators-of-compromise
  Language:Jupyter Notebook 122

• 401trg / detections

  This repository contains all public indicators identified by 401trg during the course of our investigations. It also includes relevant yara rules and ids signatures to detect these indicators.

  401trgprotectwiseiocindicatorsindicators-of-compromisethreat-huntingthreat-analysisverizon
  Language:Python 120

• vuldb / cyber_threat_intelligence

  Cyber Threat Intelligence Data, Indicators, and Analysis

  cyber-threat-intelligencecyber-threatsctiiocindicator-of-compromisemalwareexploitioaindicators-of-compromisethreat-intelligence
  71

• ioc-fang / ioc-fanger

  Fang and defang indicators of compromise. You can test this project in a GUI here: http://ioc-fanger.hightower.space .

  threatintelthreat-sharingiocdefangfangiocsindicatorsindicators-of-compromisemalwaremalware-researchhacktoberfest
  Language:Python 55

• ninoseki / ioc-extractor

  An npm package for extracting common IoC (Indicator of Compromise) from a block of text

  threat-intelligenceindicators-of-compromise
  Language:TypeScript 53

• swisscom / detections

  Threat intelligence and threat detection indicators (IOC, IOA)

  indicators-of-compromiseindicatorsdetectionthreat-detection
  Language:YARA 51

• rstcloud / rstthreats

  Aggregated Indicators of Compromise collected and cross-verified from multiple open and community-supported sources, enriched and ranked using our intelligence platform for you. Threat Intelligence, Threat feed, Open source feed.

  threat-intelligencethreatintelindicators-of-compromisecybersecurity
  Language:HTML 34

• cyb3rmik3 / Hunting-Lists

  A repository of curated lists with elements such as IoCs to use for threat hunting & detection queries.

  indicators-of-compromiseiociocstldtldskeywordkeyword-spottingkeywords
  31

• hm-seclab / YAFRA

  YAFRA is a semi-automated framework for analyzing and representing reports about IT Security incidents.

  iocincident-responsecybersecuritythreatintelthreat-intelligencethreat-huntingindicatorsindicators-of-compromiseioacyber-threat-intelligencecyberthreatintelligencecyber-threatscyber-threat-analystintelligencethreat-intelmalware-researchmispgitgitlabgithub
  Language:Python 27

• gnxsecurity / gnx-threat-intelligence

  A commercial grade threat intelligence feed thats validated and updated every half hour.

  threat-intelligencethreat-sharingindicators-of-compromiseblacklistblocklistmalicious-traffic
  Language:SuperCollider 19

• MishcondeReya / Covid-19-CTI

  A collection of Covid-19 related threat intelligence and resources.

  coronavirus-phishingthreat-intelligencecyber-securitycoronavirus-scamscovid-19cyber-threat-intelligenceindicators-of-compromisecybersecurity-reportsthreatintelinfosec
  19

• levlesec / cellebrite-ioc

  An IOC collection for the Cellebrite UFED forensic toolkit.

  antiforensicsmalwareindicators-of-compromise
  18

• alphaSeclab / malware-ioc-hash

  Collection of malware ioc hashes from blog posts. A Python script is provided to search through it.

  malwareindicators-of-compromisemalware-ioc
  Language:Python 16

• Lyc4on / EvtXHunt

  EvtXHunt is an Autopsy plugin that is able to analyze Windows EVTX logs against a library of SIGMA rules.

  evtxindicators-of-compromiseautopsydigital-forensicssigmacybersecurity
  Language:Python 15

• databricks-industry-solutions / ioc-matching

  IOC matching for incident responders, threat hunters, detection engineers, and security engineers.

  cybersecuritydatabricks-industry-solutionsdltindicators-of-compromisethreat-huntingdetection-eforensicsincident-response
  Language:Python 14

• edoardottt / defango

  URL / IP / Email defanging with Golang. Make IoC harmless.

  defangdefangingdefensedefensive-securitygogolanggolang-modulegolang-packageindicators-of-compromiseiocmalwaremalware-analysismalware-protectionmalware-researchsecurityphishingphishing-protectionemail-securityweb-securitywebsecurity
  Language:Go 12

• silascutler / IntelDB

  Minimal Indicator Storage System

  malwaremalware-analysisindicators-of-compromise
  Language:Python 11

• HappyStoic / iris

  Iris - P2P System for Confidential Sharing of Threat Intelligence and Collaborative Defense for Slips

  idnipslibp2pp2pp2p-networkslipsthreat-intelligencecollaborative-defensedistributedgogolangindicators-of-compromiseipfspeer-to-peer
  Language:Go 9

• martinkubecka / C2Detective

  :mag: Application for detecting command and control (C2) communication through network traffic analysis.

  blueteamcommand-and-controlnetwork-analysissecurityc2dga-detectionja3statistical-analysisenrichmentindicators-of-compromiseiocs
  Language:Python 9

• ninoseki / fanger

  An npm package to defang and refang IoC

  indicators-of-compromise
  Language:TypeScript 9

• atakanaydinbas / gofangdefang

  GoFangDefang is a Go library for secure manipulation of Indicators of Compromise (IOCs), converting them between their original "fang" format (with special characters) and a safer "defang" format. It prevents accidental execution of potentially malicious IOCs like URLs, IPs, domains, or subdomains.

  iocmalicioussecurity-toolsdefangfangindicators-of-compromisemalwaremalware-research
  Language:Go 8

• Geekmaster-General / IOCs

  Storage for the IOCs I collect

  indicators-of-compromiseadvanced-persistent-threat-dataransomware-resourcesthreat-huntingthreat-intelligencemalware-resourcesphishing-sites
  7

• hrbrmstr / extractor

  ⛏macOS app to extract IoCs from PDFs, text files, HTML, URLs, and the pasteboard

  iocindicators-of-compromisemacos-appmacosswift
  Language:Swift 7

• Lupovis / Prowl-API

  Prowl is an API that allows you to send IP and in return obtain the reputation of the IP as well as indicators of attacks and indicators of compromise associated with the address. Lupovis monitors the web in real time and identifies malicious IP addresses for you.

  cybersecuritygeolocationindicators-of-compromiseinfosecip-lookupip-lookup-apiip-reputationip-reputation-checkernodejsosintreconnaissancesecuritysecurity-toolsindicators-of-attackanti-botanti-spamantispamip-blacklistip-blocklistipscore
  Language:JavaScript 7

• elliotwutingfeng / rstthreatsall

  This repository consolidates all unique IOCs ever released at rstthreats. Updated at least once a day.

  indicators-of-compromiseiocmaliciousosintcybersecuritymalwarethreat-intelthreat-intelligencehacktoberfest
  Language:Python 6

• RussianPanda95 / Malware

  IOCs and notes related to malware

  indicators-of-compromisemalware-analysismalware-research
  Language:Python 6

• securechicken / tinypeg

  Provides Amnesty International's "Pegasus" domain IOCs transformation to a TinyCheck source format

  indicators-of-compromiseiocpegasusnsotinycheck
  Language:Shell 6

• kamakala / ip-reputation-scanner

  Relieving the manual task of checking the ip reputation

  indicators-of-attackindicators-of-compromiseipip-blacklist-checkerip-lookup-apiip-reputationip-reputation-checkermalicious-ip-detectionmalicious-trafficosintreputationreputation-apisecuritysecurity-tools
  Language:Python 5