
faisalusuf / ThreatIntelligence

Licence: other
Tracking APT IOCs

Projects that are alternatives of or similar to ThreatIntelligence

Misp
MISP (core software) - Open Source Threat Intelligence and Sharing Platform
Stars: ✭ 3,485 (+15052.17%)
Mutual labels:  threat-hunting, threat-sharing, threatintel, threat-intelligence
pybinaryedge
Python 3 Wrapper for the BinaryEdge API https://www.binaryedge.io/
Stars: ✭ 16 (-30.43%)
Mutual labels:  threat-hunting, threatintel, threat-intelligence
OSINT-Brazuca
Repository created with the aim of gathering information, sources (websites/portals) and OSINT tricks within the Brazilian context.
Stars: ✭ 508 (+2108.7%)
Mutual labels:  threat-hunting, threatintel, threat-intelligence
Threatbus
🚌 The missing link to connect open-source threat intelligence tools.
Stars: ✭ 139 (+504.35%)
Mutual labels:  threat-hunting, threatintel, threat-intelligence
pyeti
Python bindings for Yeti's API
Stars: ✭ 15 (-34.78%)
Mutual labels:  threat-hunting, threat-sharing, threatintel
YAFRA
YAFRA is a semi-automated framework for analyzing and representing reports about IT Security incidents.
Stars: ✭ 22 (-4.35%)
Mutual labels:  threat-hunting, threatintel, threat-intelligence
Patrowlhears
PatrowlHears - Vulnerability Intelligence Center / Exploits
Stars: ✭ 89 (+286.96%)
Mutual labels:  threat-hunting, threatintel, threat-intelligence
awesome-malware-analysis
Defund the Police.
Stars: ✭ 9,181 (+39817.39%)
Mutual labels:  threat-sharing, threatintel, threat-intelligence
Threatingestor
Extract and aggregate threat intelligence.
Stars: ✭ 439 (+1808.7%)
Mutual labels:  threat-hunting, threatintel, threat-intelligence
Sysmontools
Utilities for Sysmon
Stars: ✭ 903 (+3826.09%)
Mutual labels:  threat-hunting, threatintel, threat-intelligence
Malware Feed
Bringing you the best of the worst files on the Internet.
Stars: ✭ 69 (+200%)
Mutual labels:  threat-hunting, threatintel, threat-intelligence
sqhunter
A simple threat hunting tool based on osquery, Salt Open and Cymon API
Stars: ✭ 64 (+178.26%)
Mutual labels:  threat-hunting, threatintel, threat-intelligence
censys-recon-ng
recon-ng modules for Censys
Stars: ✭ 29 (+26.09%)
Mutual labels:  threat-hunting, threatintel, threat-intelligence
IronNetTR
Threat research and reporting from IronNet's Threat Research Teams
Stars: ✭ 36 (+56.52%)
Mutual labels:  threat-hunting, threatintel, threat-intelligence
best-practices-in-threat-intelligence
Best practices in threat intelligence
Stars: ✭ 38 (+65.22%)
Mutual labels:  threat-sharing, threatintel, threat-intelligence
Stalkphish
StalkPhish - The Phishing kits stalker, harvesting phishing kits for investigations.
Stars: ✭ 256 (+1013.04%)
Mutual labels:  threat-hunting, threatintel, threat-intelligence
csirtg-smrt-v1
the fastest way to consume threat intelligence.
Stars: ✭ 27 (+17.39%)
Mutual labels:  threat-hunting, threat-sharing, threatintel
Intelowl
Intel Owl: analyze files, domains, IPs in multiple ways from a single API at scale
Stars: ✭ 2,114 (+9091.3%)
Mutual labels:  threat-hunting, threatintel, threat-intelligence
mail to misp
Connect your mail client/infrastructure to MISP in order to create events based on the information contained within mails.
Stars: ✭ 61 (+165.22%)
Mutual labels:  threat-hunting, threatintel, threat-intelligence
Analyst Arsenal
A toolkit for Security Researchers
Stars: ✭ 112 (+386.96%)
Mutual labels:  threat-hunting, threat-intelligence

ThreatIntelligence

Tracking APT IOCs

Motivation

When analyzing an incident or artifacts attributed to an APT, the research reports published on the internet usually refer to the group by different names, and the IOCs in these reports are collected from disparate sources. This can make analysis difficult for researchers, especially those who are new to CTI. During analysis, several sources have to be searched, and it can be a daunting task for analysts to keep track of the IOCs, review them and remove potential false positives.

We will try to collect all publicly accessible IOCs for a specific APT group and consolidate them in one place. This is an ongoing process and this repo will keep being updated.

Methodology

The IOCs are collected from several publicly accessible sources, and from new ones as they are published. The IOCs collected from these sources are fed into MISP, and correlation is performed against other threat feeds. Enrichment is done using different MISP modules, and potential false positives are manually reviewed.

You are more than welcome to contribute by sharing IOCs that are missing, or ideas for improvement to make the collection more actionable. To do so, raise an issue along with the IOC and the reference URL from which it was collected.

Inspiration:

  • @Arkbird_SOLG (Special Thanks for expert advice)
  • @malwrhunterteam
  • @MeltX0R
  • @ItsReallyNick
  • @_re_fox
  • @Rmy_Reserve
  • @DeadlyLynn
  • @James_inthe_box
  • @ShadowChasing1
  • @cyb3rops
  • @DrunkBinary
  • @craiu
  • @VK_Intel
  • @thepacketrat
The IOCs can be made available in the following formats if required:
  • MISP XML
  • MISP JSON
  • OpenIOC
  • STIX XML
  • STIX JSON
  • STIX2