citizenlab / Malware Indicators
Citizen Lab Malware Reports
Stars: ✭ 196
malware-indicators
This repository includes all malware indicators that were found during the course of Citizen Lab investigations. Each directory corresponds to a single Citizen Lab report as seen below.
Reports
Yara signatures can be found here
Formats
The indicators are provided in the following formats.
- CSV - plain text comma-separated values with the following columns:
  - uuid - a unique identifier for the indicator.
  - event_id - a number that corresponds to the event (one event per report).
  - category - broad category of the indicator (ex: Network activity, Payload delivery).
  - type - type of indicator (ex: ip-dst, domain, url).
  - value - the indicator itself (an IP address, domain, URL, hash, ...).
  - comment - free-text comment or annotation.
  - to_ids - whether this indicator is suitable for automated detection or blocking in an IDS. Indicators marked false are context for analysts (shared infrastructure, sinkholes, legitimate services abused by the operator) and should not be loaded into blocklists as-is.
  - date - the date when the indicator was added.
- MISP JSON - structured event format used by MISP, the Malware Information Sharing Platform.
- OpenIOC - Mandiant's OpenIOC, an open XML framework for sharing threat intelligence.
- STIX XML - the XML serialization used by STIX 1.x (Structured Threat Information eXpression).
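The following is an added example, not code from the citizenlab repository, of how a practitioner would consume the CSV format described above: parse the rows, honour the to_ids flag when building lookups, and run the resulting lookups over a few DNS log lines. It assumes the column order of MISP's CSV export (uuid,event_id,category,type,value,comment,to_ids,date, with to_ids written as 1/0) and a made-up DNS log layout; the indicator rows and log lines are constructed for the example (RFC 5737 addresses and example.* names, not real Citizen Lab indicators).

```python
"""Load a MISP-style indicator CSV and match it against DNS logs (added example)."""
import csv
import io
import ipaddress
from collections import defaultdict
from datetime import date

# Assumed column order of MISP's CSV export; the README lists the columns,
# the order and the 1/0 encoding of to_ids are assumptions of this example.
EXPECTED_COLUMNS = ["uuid", "event_id", "category", "type", "value",
                    "comment", "to_ids", "date"]

# Constructed sample rows (RFC 5737 addresses, example.* names): NOT real indicators.
SAMPLE_CSV = """uuid,event_id,category,type,value,comment,to_ids,date
0d9c1f3a-1111-4a2b-8c3d-000000000001,12,Network activity,ip-dst,203.0.113.7,C2 server,1,2015-03-04
0d9c1f3a-1111-4a2b-8c3d-000000000002,12,Network activity,domain,update.example.net,staging domain,1,2015-03-04
0d9c1f3a-1111-4a2b-8c3d-000000000003,12,Network activity,ip-dst,198.51.100.20,shared hosting; do not block,0,2015-03-04
0d9c1f3a-1111-4a2b-8c3d-000000000004,12,Payload delivery,md5,d41d8cd98f00b204e9800998ecf8427e,dropper,1,2015-03-05
0d9c1f3a-1111-4a2b-8c3d-000000000005,12,Network activity,url,http://update.example.net/x.php,landing page,1,2015-03-05
"""

# Constructed DNS log lines in a made-up layout: "<ts> <client> query <qname> answer <ip>".
SAMPLE_DNS_LOG = [
    "2015-03-06T10:00:00Z 10.0.0.5 query www.example.com. answer 192.0.2.10",
    "2015-03-06T10:00:01Z 10.0.0.5 query cdn.update.example.net. answer 203.0.113.7",
    "2015-03-06T10:00:02Z 10.0.0.9 query mail.example.org. answer 198.51.100.20",
]


def parse_indicators(text):
    """Parse the CSV, reject unexpected headers, and normalise typed fields."""
    reader = csv.DictReader(io.StringIO(text))
    if reader.fieldnames != EXPECTED_COLUMNS:
        raise ValueError(f"unexpected header: {reader.fieldnames}")
    rows = []
    for row in reader:
        row["to_ids"] = row["to_ids"].strip().lower() in ("1", "true", "yes")
        row["date"] = date.fromisoformat(row["date"].strip())
        if row["type"] == "ip-dst":
            ipaddress.ip_address(row["value"])  # raises ValueError on a malformed IP
        if row["type"] == "domain":
            row["value"] = row["value"].strip().rstrip(".").lower()
        rows.append(row)
    return rows


def ids_indicators(rows):
    """Group indicator values by type, keeping only rows flagged to_ids.

    Rows with to_ids false stay out of the lookups: they are analyst context
    (e.g. shared hosting) and would cause false positives if blocked.
    """
    by_type = defaultdict(set)
    for row in rows:
        if row["to_ids"]:
            by_type[row["type"]].add(row["value"])
    return by_type


def _domain_hit(qname, domains):
    """Return the matching indicator if qname equals or is under a listed domain."""
    labels = qname.rstrip(".").lower().split(".")
    for i in range(len(labels)):
        candidate = ".".join(labels[i:])
        if candidate in domains:
            return candidate
    return None


def match_dns_log(lines, by_type):
    """Return (line_number, indicator_type, value) for every hit in the log."""
    hits = []
    domains = by_type.get("domain", set())
    ips = by_type.get("ip-dst", set())
    for n, line in enumerate(lines, 1):
        fields = line.split()
        if len(fields) != 6 or fields[2] != "query" or fields[4] != "answer":
            continue  # not a line in the assumed layout
        qname, answer = fields[3], fields[5]
        matched = _domain_hit(qname, domains)
        if matched:
            hits.append((n, "domain", matched))
        if answer in ips:
            hits.append((n, "ip-dst", answer))
    return hits


if __name__ == "__main__":
    lookups = ids_indicators(parse_indicators(SAMPLE_CSV))
    for hit in match_dns_log(SAMPLE_DNS_LOG, lookups):
        print("line %d: %s %s" % hit)
```

Running the block reports two hits on the second log line (the queried name falls under update.example.net and the answer is the listed C2 address) and none on the third, whose answer 198.51.100.20 is present in the CSV but flagged to_ids=0. The suffix match in `_domain_hit` is deliberate for domain indicators; for url or md5 types an exact comparison is the right check.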
License
All data is provided under Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International and available in full here and summarized here