All Projects → citizenlab → Malware Indicators

citizenlab / Malware Indicators

Citizen Lab Malware Reports

Projects that are alternatives of or similar to Malware Indicators

Python Iocextract
Defanged Indicator of Compromise (IOC) Extractor.
Stars: ✭ 300 (+53.06%)
Mutual labels:  malware-research, yara, ioc
Awesome Yara
A curated list of awesome YARA rules, tools, and people.
Stars: ✭ 1,394 (+611.22%)
Mutual labels:  malware-research, yara, ioc
Threatingestor
Extract and aggregate threat intelligence.
Stars: ✭ 439 (+123.98%)
Mutual labels:  malware-research, yara, ioc
Loki
Loki - Simple IOC and Incident Response Scanner
Stars: ✭ 2,217 (+1031.12%)
Mutual labels:  yara, ioc
freki
🐺 Malware analysis platform
Stars: ✭ 327 (+66.84%)
Mutual labels:  malware-research, yara
Freki
🐺 Malware analysis platform
Stars: ✭ 285 (+45.41%)
Mutual labels:  malware-research, yara
YAFRA
YAFRA is a semi-automated framework for analyzing and representing reports about IT Security incidents.
Stars: ✭ 22 (-88.78%)
Mutual labels:  ioc, malware-research
Linux.mirai
Leaked Linux.Mirai Source Code for Research/IoC Development Purposes
Stars: ✭ 466 (+137.76%)
Mutual labels:  malware-research, ioc
Stoq
An open source framework for enterprise level automated analysis.
Stars: ✭ 352 (+79.59%)
Mutual labels:  malware-research, yara
Multiscanner
Modular file scanning/analysis framework
Stars: ✭ 494 (+152.04%)
Mutual labels:  malware-research, yara
Rpot
Real-time Packet Observation Tool
Stars: ✭ 38 (-80.61%)
Mutual labels:  malware-research, yara
MeltingPot
A tool to cluster similar executables (PEs, DEXs, and etc), extract common signature, and generate Yara patterns for malware detection.
Stars: ✭ 23 (-88.27%)
Mutual labels:  malware-research, yara
MalwareHashDB
Malware hashes for open source projects.
Stars: ✭ 31 (-84.18%)
Mutual labels:  ioc, malware-research
Malware Ioc
Indicators of Compromises (IOC) of our various investigations
Stars: ✭ 955 (+387.24%)
Mutual labels:  yara, ioc
Apkid
Android Application Identifier for Packers, Protectors, Obfuscators and Oddities - PEiD for Android
Stars: ✭ 999 (+409.69%)
Mutual labels:  malware-research, yara
ThreatKB
Knowledge base workflow management for YARA rules and C2 artifacts (IP, DNS, SSL) (ALPHA STATE AT THE MOMENT)
Stars: ✭ 68 (-65.31%)
Mutual labels:  malware-research, yara
yara
Malice Yara Plugin
Stars: ✭ 27 (-86.22%)
Mutual labels:  malware-research, yara
detection
Detection in the form of Yara, Snort and ClamAV signatures.
Stars: ✭ 70 (-64.29%)
Mutual labels:  ioc, yara
Yargen
yarGen is a generator for YARA rules
Stars: ✭ 795 (+305.61%)
Mutual labels:  malware-research, yara
Signature Base
Signature base for my scanner tools
Stars: ✭ 1,212 (+518.37%)
Mutual labels:  yara, ioc

malware-indicators

This repository includes all malware indicators that were found during the course of Citizen Lab investigations. Each directory corresponds to a single Citizen Lab report as seen below.

Reports

Directory Link Published
202006_DarkBasin Dark Basin: Uncovering a Massive Hack-For-Hire Operation June 9, 2020
201909_MissingLink MISSING LINK: Tibetan Groups Targeted with Mobile Exploits Sept 24, 2019
201905_EndlessMayfly Burned After Reading: Endless Mayfly’s Ephemeral Disinformation Campaign May 14, 2019
201810_TheKingdomCameToCanada The Kingdom Came to Canada: How Saudi-Linked Digital Espionage Reached Canadian Soil Oct 1, 2018
201808_FamiliarFeeling Familiar Feeling: A Malware Campaign Targeting the Tibetan Diaspora Resurfaces Aug 8, 2018
201803_BadTraffic Bad Traffic: Sandvine’s PacketLogic Devices Used to Deploy Government Spyware in Turkey and Redirect Egyptian Users to Affiliate Ads? Mar 8, 2018
201801_SpyingOnABudget Spying on a Budget: Inside a Phishing Operation with Targets in the Tibetan Community Jan 30, 2018
201712_Cyberbit Champing at the Cyberbit: Ethiopian Dissidents Targeted with New Commercial Spyware Dec 6, 2017
201707_InsiderInfo Insider Information: An intrusion campaign targeting Chinese language news sites Jul 5, 2017
201706_RecklessRedux Reckless Redux: Senior Mexican Legislators and Politicians Targeted with NSO Spyware Jun 29, 2017
201706_RecklessExploit Reckless Exploit: Mexican Journalists, Lawyers, and a Child Targeted with NSO Spyware Jun 19, 2017
201705_TaintedLeaks Tainted Leaks: Disinformation and Phishing With a Russian Nexus May 25, 2017
201702_NilePhish Nile Phish: Large-Scale Phishing Campaign Targeting Egyptian Civil Society Feb 2, 2017
201611_KeyBoy It’s Parliamentary: KeyBoy and the targeting of the Tibetan Community Nov 11, 2016
201608_NSO_Group "The Million Dollar Dissident: NSO Group’s iPhone Zero-Days used against a UAE Human Rights Defender" Aug 24, 2016
201608_Group5 "Group5: Syria and the Iranian Connection" Aug 2, 2016
201605_Stealth_Falcon "Keep Calm and (Don’t) Enable Macros: A New Threat Actor Targets UAE Dissidents" May 29, 2016
201604_UP007_SLServer Between Hong Kong and Burma: Tracking UP007 and SLServer Espionage Campaigns Apr 18, 2016
201603_Shifting_Tactics Shifting Tactics: Tracking changes in years-long espionage campaign against Tibetans Mar 10, 2016
201512_PackRAT "Packrat: Seven Years of a South American Threat Actor" Dec 8, 2015
201510_NGO_Burma Targeted Malware Attacks against NGO Linked to Attacks on Burmese Government Websites Oct 16, 2015
[email protected] Communities @ Risk: Targeted Digital Threats Against Civil Society. Nov 11, 2014

Yara signatures can be found here

Formats

The indicators are provided in the following formats.

  • CSV - plain text comma seperated value with the following columns:
    • uuid - A unique identifier for the indicator.
    • event_id - a number that corresponds to the event.
    • category - type of broad category for indicator (ex: network activity, payload)
    • type - type of indicator (ex: ip-dst, domain, url)
    • comment - text comment or annotation
    • to_ids - whether this indicator is applicable to be included in an IDS or not
    • date - the data when the indicator was added.
  • MISP JSON - Structured format used by the Malware Information Sharing Platform
  • OpenIOC - Format for OpenIOC an open framework for sharing threat intelligence.
  • STIX XML - Format used by the STIX project

License

All data is provided under Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International and available in full here and summarized here

Note that the project description data, including the texts, logos, images, and/or trademarks, for each open source project belongs to its rightful owner. If you wish to add or remove any projects, please contact us at [email protected].