Detections

This repository contains all public indicators identified by 401trg during the course of our investigations. It also includes the relevant YARA rules and IDS signatures to detect these indicators.

Our public PGP key can be found here.

Reports

Published | Post | Files (IOC, IDS, PCAP, PDF)

May 03, 2018 | Burning Umbrella: An Intelligence Report on the Winnti Umbrella and Associated State-Sponsored Attackers
    IOC: 20180503_Burning_Umbrella_Area_1_indicators.csv, 20180503_Burning_Umbrella_Area_2_indicators.csv, 20180503_Burning_Umbrella_Area_3_indicators.csv, 20180503_Burning_Umbrella_Area_5_indicators.csv, 20180503_Burning_Umbrella_Area_6_indicators.csv, 20180503_Burning_Umbrella_Area_7_indicators.csv, 20180503_Burning_Umbrella_Area_8_indicators.csv
    PDF: 20180503_Burning_Umbrella.pdf
Apr 02, 2018 | Building a Data Lake for Threat Research
Feb 22, 2018 | Analysis of Active Satori Botnet Infections
    IOC: 20180222_Analysis_of_Active_Satori_Botnet_Infections_indicators
    IDS: 20180222_Analysis_of_Active_Satori_Botnet_Infections__ids
Dec 20, 2017 | An Introduction to SMB for Network Security Analysts
    PCAP: 20171220_Introduction_to_SMB_pcaps
    PDF: 20171220_Introduction_to_SMB_pdf
Nov 28, 2017 | Triaging Large Packet Captures - Methods for Extracting & Analyzing Domains
Nov 14, 2017 | Using Emerging Threats Suricata Ruleset to Scan PCAP
Nov 01, 2017 | Exposing a Phishing Kit
    IOC: 20171101_ExposingPhishing_indicators
    IDS: 20171101_ExposingPhishing_ids
Oct 26, 2017 | Large Scale IRCbot Infection Attempts
    IOC: 20171026_LargeScaleIRC_indicators
    IDS: 20171026_LargeScaleIRC_ids
Oct 16, 2017 | An Update on Winnti
    IOC: 20171016_UpdateWinnti_indicators
    IDS: 20171016_UpdateWinnti_ids
Oct 10, 2017 | Turla Watering Hole Campaigns 2016/2017
    IOC: 20171010_TurlaWateringHole_indicators
    IDS: 20171010_TurlaWateringHole_ids
Oct 02, 2017 | Identifying and Triaging DNS Traffic on Your Network
Sept 28, 2017 | Triaging Large Packet Captures - 4 Key TShark Commands to Start Your Investigation
Jul 11, 2017 | Winnti (LEAD/APT17) Evolution - Going Open Source
    IOC: 20170711_WinntiEvolution_indicators

IDS

This directory contains IDS signatures to detect the indicators located in the IOC directory. These signatures are compatible with Suricata v4.0.4.

IOC

This directory contains IOCs from posts at 401trg.com. The CSV files follow the unified format described below. These indicators are not defanged and should be considered malicious.

PCAPS

This directory contains example pcaps from "knowledge" posts at 401trg.com.

PDF

This directory contains PDFs of 401TRG long-form posts.

Unified Format

All IOC files are CSV files with the following header and column order: Indicator,Type,Description,Reference

There are several types of indicators:

  • COOKIE
  • CERT SHA1
  • CODE SIGN CERT SERIAL
  • DOMAIN
  • EMAIL
  • FILE MD5
  • IP
  • PHONE
  • URL

Example:

Indicator,Type,Description,Reference
asdf.asdf.com,DOMAIN,This is a malicious domain,https://401trg.com/this-post-does-not-exist

The description field is left blank when there is no context to add to the indicator. The reference field will contain a link to the 401TRG post that disclosed the indicator.
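The following is an added example, not part of the repository, showing how a consumer of these files can parse the unified format, reject rows whose Type is not one of the listed indicator types, and produce a defanged copy of network indicators for safe display (the files themselves are not defanged). The sample CSV content and its indicator values are constructed here; the 401trg.com reference URL is the one from the example above.

```python
import csv
import io
import ipaddress

# Header and indicator types exactly as the repository's Unified Format lists them.
HEADER = ["Indicator", "Type", "Description", "Reference"]
TYPES = {"COOKIE", "CERT SHA1", "CODE SIGN CERT SERIAL", "DOMAIN", "EMAIL",
         "FILE MD5", "IP", "PHONE", "URL"}


def defang(indicator, ioc_type):
    """Return a display-safe form of a network indicator; other types pass through."""
    if ioc_type in ("DOMAIN", "IP", "EMAIL"):
        return indicator.replace(".", "[.]")
    if ioc_type == "URL":
        return indicator.replace("http", "hxxp", 1).replace(".", "[.]")
    return indicator


def load_indicators(text):
    """Parse one Unified Format CSV; raise ValueError on a bad header or row."""
    rows = list(csv.reader(io.StringIO(text)))
    if not rows or rows[0] != HEADER:
        raise ValueError("unexpected header: %r" % (rows[0] if rows else None))
    out = []
    for n, row in enumerate(rows[1:], start=2):
        if len(row) != 4:
            raise ValueError("line %d: expected 4 fields, got %d" % (n, len(row)))
        indicator, ioc_type, desc, ref = (f.strip() for f in row)
        if ioc_type not in TYPES:
            raise ValueError("line %d: unknown Type %r" % (n, ioc_type))
        if ioc_type == "IP":
            ipaddress.ip_address(indicator)  # ValueError if not an IPv4/IPv6 address
        out.append({"indicator": indicator, "type": ioc_type, "description": desc,
                    "reference": ref, "display": defang(indicator, ioc_type)})
    return out


# Constructed sample in the Unified Format (hypothetical indicator values).
SAMPLE = """Indicator,Type,Description,Reference
asdf.asdf.com,DOMAIN,This is a malicious domain,https://401trg.com/this-post-does-not-exist
192.0.2.10,IP,,https://401trg.com/this-post-does-not-exist
http://asdf.asdf.com/login.php,URL,Constructed URL indicator,https://401trg.com/this-post-does-not-exist
"""

if __name__ == "__main__":
    for ioc in load_indicators(SAMPLE):
        print(ioc["type"].ljust(8), ioc["display"], "|", ioc["description"] or "(no description)")
```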

License

All data is provided under the Apache License, Version 2.0, which can be found here.