
volexity / threat-intel

Licence: other
Signatures and IoCs from public Volexity blog posts.

Programming Languages

python
YARA
ruby

Projects that are alternatives of or similar to threat-intel

yara-rules
Yara rules written by me, for free use.
Stars: ✭ 13 (-90%)
Mutual labels:  yara, yara-rules, threat-intelligence
Loki
Loki - Simple IOC and Incident Response Scanner
Stars: ✭ 2,217 (+1605.38%)
Mutual labels:  yara, yara-rules
static file analysis
Analysis of files (doc, pdf, exe, ...) in depth (embedded file(s)) with clamscan and yara rules
Stars: ✭ 34 (-73.85%)
Mutual labels:  yara, yara-rules
freki
🐺 Malware analysis platform
Stars: ✭ 327 (+151.54%)
Mutual labels:  yara, threat-intelligence
Hyara
Yara rule making tool (IDA Pro & Binary Ninja & Cutter Plugin)
Stars: ✭ 142 (+9.23%)
Mutual labels:  yara, yara-rules
factual-rules-generator
Factual-rules-generator is an open source project which aims to generate YARA rules about installed software from a machine.
Stars: ✭ 62 (-52.31%)
Mutual labels:  yara, yara-rules
yarasploit
YaraSploit is a collection of Yara rules generated from Metasploit framework shellcodes.
Stars: ✭ 31 (-76.15%)
Mutual labels:  yara, yara-rules
Judge-Jury-and-Executable
A file system forensics analysis scanner and threat hunting tool. Scans file systems at the MFT and OS level and stores data in SQL, SQLite or CSV. Threats and data can be probed harnessing the power and syntax of SQL.
Stars: ✭ 66 (-49.23%)
Mutual labels:  yara, yara-rules
Threatingestor
Extract and aggregate threat intelligence.
Stars: ✭ 439 (+237.69%)
Mutual labels:  yara, threat-intelligence
Python Iocextract
Defanged Indicator of Compromise (IOC) Extractor.
Stars: ✭ 300 (+130.77%)
Mutual labels:  yara, threat-intelligence
PhishingKit-Yara-Search
Yara scan Phishing Kit's Zip archive(s)
Stars: ✭ 24 (-81.54%)
Mutual labels:  yara, yara-rules
Analyzer
🔍 Offline Analyzer for extracting features, artifacts and IoCs from Windows, Linux, Android, iPhone, Blackberry, macOS binaries, emails and more
Stars: ✭ 108 (-16.92%)
Mutual labels:  yara, threat-intelligence
yara-validator
Validates yara rules and tries to repair the broken ones.
Stars: ✭ 37 (-71.54%)
Mutual labels:  yara, yara-rules
ThreatKB
Knowledge base workflow management for YARA rules and C2 artifacts (IP, DNS, SSL) (ALPHA STATE AT THE MOMENT)
Stars: ✭ 68 (-47.69%)
Mutual labels:  yara, yara-rules
yara-forensics
Set of Yara rules for finding files using magics headers
Stars: ✭ 115 (-11.54%)
Mutual labels:  yara, yara-rules
nsm-attack
Mapping NSM rules to MITRE ATT&CK
Stars: ✭ 53 (-59.23%)
Mutual labels:  threat-intelligence, suricata-rules
Freki
🐺 Malware analysis platform
Stars: ✭ 285 (+119.23%)
Mutual labels:  yara, threat-intelligence
Signature Base
Signature base for my scanner tools
Stars: ✭ 1,212 (+832.31%)
Mutual labels:  yara, threat-intelligence
PEiD
Yet another implementation of PEiD with yara
Stars: ✭ 12 (-90.77%)
Mutual labels:  yara, yara-rules
Malware Indicators
Citizen Lab Malware Reports
Stars: ✭ 196 (+50.77%)
Mutual labels:  yara

threat-intel

This repository contains IoCs related to Volexity public threat intelligence blog posts.

They are organised by year, and within each year, each folder relates to a specific post.

Each post follows approximately the same folder structure; some files or folders may be missing if there is no applicable data for the post.

* YYYY-MM-DD - [Title]
    * indicators
        * indicators.csv
        * snort.rules
        * yara.yar
        * suricata.rules
    * scripts
        * foo.py
    * attachments
        * anything_else.txt

All rules provided are subject to the 2-Clause BSD License found in "LICENSE.txt".
