Indicators
- 0x27/linux.mirai – Leaked Linux.Mirai Source Code for Research/IoC Development Purposes.
- Neo23x0/signature-base – Signature base for my scanner tools.
- aptnotes/data – APTnotes data.
- botherder/targetedthreats – Collection of IOCs related to targeting of civil society.
- circl/osint-feed – Open Source Intelligence for MISP.
- citizenlab/malware-indicators – Citizen Lab Malware Reports.
- da667/667s_Shitlist – Hi kids, do you like cyber violence? Wanna see me destroy evil in the blink of an eyelid?
- eset/malware-ioc – Indicators of Compromise (IOC) of our various investigations.
- fireeye/iocs – FireEye Publicly Shared Indicators of Compromise (IOCs).
- jasonmiacono/IOCs – Indicators of compromise for threat intelligence.
- makflwana/IOCs-in-CSV-format – The repository contains IOCs in CSV format for APT, Cyber Crimes, Malware and Trojan and whatever I found as part of hunting and research.
- pan-unit42/iocs – Indicators from Unit 42 Public Reports.
Snort Signatures
- Snort Downloads – Signatures for the Snort (& Suricata) Intrusion Detection System.
- kingtuna/Signatures – A mixture of snort and suricata signatures.
Yara Signatures
- 0pc0deFR/YaraRules – Multiple rules for yara-project for detecting compilers/packers/protectors.
- citizenlab/malware-signatures – Yara rules for malware families seen as part of targeted threats project.
- kevthehermit/YaraRules – My Yara Rules Collection.
- OALabs/iocs – Machine-digestible malware indicators.
- x64dbg/yarasigs – Various Yara signatures (possibly to be included in a release later).
- Yara-Rules/rules – Repository of yara rules.
- InQuest/yara-rules – A collection of Yara rules we wish to share with the world, most probably referenced from http://blog.inquest.net.
Tools
IOC Tools
- yahoo/PyIOCe – Python IOC Editor.
- mandiant/ioc_writer – Provide a python library that allows for basic creation and editing of OpenIOC objects.
- Neo23x0/yarGen – yarGen is a generator for YARA rules.
- InQuest/iocextract – Advanced Indicator of Compromise (IOC) extractor.
- InQuest/ThreatIngestor – Flexible framework for consuming threat intelligence.
IOC Formats
- mandiant/OpenIOC_1.1 – This repository contains a revised schema, iocterms file, and other supporting documents which are the basis for a draft of a revised version of OpenIOC that we are calling OpenIOC 1.1.
- MISP Malware Information Sharing Platform & Threat Sharing format – Specifications used in the MISP project including MISP core format.
- Mitre Cyber Observable eXpression (CybOX™) – This site contains archived CybOX documentation.
- Mitre Malware Attribute Enumeration and Characterization (MAEC™) – A schema for understanding malware.
- Mitre Structured Threat Information eXpression (STIX™) – A structured language for cyber threat intelligence.
- Yara – The pattern matching swiss knife for malware researchers (and everyone else).