ThePhish: an automated phishing email analysis tool

Extract and aggregate threat intelligence.

ReversingLabs YARA Rules

Defanged Indicator of Compromise (IOC) Extractor.

Automatically created C2 Feeds

Simple, effective, and modular package for parsing observables (indicators of compromise (IOCs), network data, and other, security related information) from text. It uses grammars rather than regexes which makes it more readable, maintainable, and hackable. Explore our interactive documentation here: https://hightower.space/ioc-finder/

Open Dataset of Cobalt Strike Beacon metadata (2018-2022)

This repository contains all public indicators identified by 401trg during the course of our investigations. It also includes relevant yara rules and ids signatures to detect these indicators.

Cyber Threat Intelligence Data, Indicators, and Analysis

Extract indicators of compromise from text, including "escaped" ones.

An npm package for extracting common IoC (Indicator of Compromise) from a block of text

Threat intelligence and threat detection indicators (IOC, IOA)

Fang and defang indicators of compromise. You can test this project in a GUI here: http://ioc-fanger.hightower.space .

A collection of files with indicators supporting social media posts from Palo Alto Network's Unit 42 team to disseminate timely threat intelligence.

A collection of Covid-19 related threat intelligence and resources.

A repository of curated lists with elements such as IoCs to use for threat hunting & detection queries.

Aggregated Indicators of Compromise collected and cross-verified from multiple open and community-supported sources, enriched and ranked using our intelligence platform for you. Threat Intelligence, Threat feed, Open source feed.

An IOC collection for the Cellebrite UFED forensic toolkit.

IOC matching for incident responders, threat hunters, detection engineers, and security engineers.

Collection of malware ioc hashes from blog posts. A Python script is provided to search through it.