Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.


https://github.com/sroberts/awesome-iocs

A collection of sources of indicators of compromise.

List: awesome-iocs

awesome awesome-list ioc signature yara-rules


# Awesome IOCs [![Awesome](https://awesome.re/badge.svg)](https://awesome.re)

An [awesome](https://github.com/sindresorhus/awesome) collection of indicators of compromise (and a few IOC related tools).

## Contents

- [IOCs](https://github.com/sroberts/awesome-iocs#iocs)
  - [Indicators](https://github.com/sroberts/awesome-iocs#indicators)
  - [Snort Signatures](https://github.com/sroberts/awesome-iocs#snort-signatures)
  - [Yara Signatures](https://github.com/sroberts/awesome-iocs#yara-signatures)
- [Tools](https://github.com/sroberts/awesome-iocs#tools)
  - [IOC Tools](https://github.com/sroberts/awesome-iocs#ioc-tools)
  - [IOC Formats](https://github.com/sroberts/awesome-iocs#ioc-formats)

## IOCs

### Indicators

- [0x27/linux.mirai](https://github.com/0x27/linux.mirai) - Leaked Linux.Mirai Source Code for Research/IoC Development Purposes.
- [Neo23x0/signature-base](https://github.com/Neo23x0/signature-base) - Signature base for my scanner tools.
- [aptnotes/data](https://github.com/aptnotes/data) - APTnotes data.
- [botherder/targetedthreats](https://github.com/botherder/targetedthreats) - Collection of IOCs related to targeting of civil society.
- [circl/osint-feed](https://www.circl.lu/doc/misp/feed-osint/) - Open Source Intelligence for MISP.
- [citizenlab/malware-indicators](https://github.com/citizenlab/malware-indicators) - Citizen Lab Malware Reports.
- [da667/667s_Shitlist](https://github.com/da667/667s_Shitlist) - Hi kids, do you like cyber violence? Wanna see me destroy evil in the blink of an eyelid?
- [eset/malware-ioc](https://github.com/eset/malware-ioc) - Indicators of Compromise (IOC) of our various investigations.
- [fireeye/iocs](https://github.com/fireeye/iocs) - FireEye Publicly Shared Indicators of Compromise (IOCs).
- [jasonmiacono/IOCs](https://github.com/jasonmiacono/IOCs) - Indicators of compromise for threat intelligence.
- [makflwana/IOCs-in-CSV-format](https://github.com/makflwana/IOCs-in-CSV-format) - The repository contains IOCs in CSV format for APT, Cyber Crimes, Malware and Trojan and whatever I found as part of hunting and research.
- [nshc-threatrecon/IoC-List](https://github.com/nshc-threatrecon/IoC-List) - NSHC ThreatRecon IoC Repository.
- [pan-unit42/iocs](https://github.com/pan-unit42/iocs) - Indicators from Unit 42 Public Reports.
- [swisscom/detections](https://github.com/swisscom/detections) - This repo contains threat intelligence information and threat detection indicators (IOC, IOA) shared by Swisscom CSIRT.

### Snort Signatures

- [Snort Downloads](https://www.snort.org/downloads) - Signatures for the Snort (& Suricata) Intrusion Detection System.
- [kingtuna/Signatures](https://github.com/kingtuna/Signatures) - A mixture of snort and suricata signatures.

### Yara Signatures

- [0pc0deFR/YaraRules](https://github.com/0pc0deFR/YaraRules) - Multiple rules for yara-project to detect compilers/packers/protectors.
- [InQuest/yara-rules](https://github.com/InQuest/yara-rules) - A collection of Yara rules we wish to share with the world, most probably referenced from [http://blog.inquest.net](http://blog.inquest.net).
- [OALabs/iocs](https://github.com/OALabs/iocs) - Machine-digestible malware indicators.
- [Yara-Rules/rules](https://github.com/Yara-Rules/rules) - Repository of yara rules.
- [advanced-threat-research/Yara-Rules](https://github.com/advanced-threat-research/Yara-Rules) - Repository of YARA rules made by McAfee ATR Team.
- [citizenlab/malware-signatures](https://github.com/citizenlab/malware-signatures) - Yara rules for malware families seen as part of targeted threats project.
- [intezer/yara-rules](https://github.com/intezer/yara-rules) - Yara rules from Intezer.
- [kevthehermit/YaraRules](https://github.com/kevthehermit/YaraRules) - My Yara Rules Collection.
- [reversinglabs/reversinglabs-yara-rules](https://github.com/reversinglabs/reversinglabs-yara-rules) - ReversingLabs YARA Rules.
- [x64dbg/yarasigs](https://github.com/x64dbg/yarasigs) - Various Yara signatures (possibly to be included in a release later).

## Tools

### IOC Tools

- [InQuest/ThreatIngestor](https://github.com/InQuest/ThreatIngestor) - Flexible framework for consuming threat intelligence.
- [InQuest/iocextract](https://github.com/inquest/python-iocextract) - Advanced Indicator of Compromise (IOC) extractor.
- [Neo23x0/yarGen](https://github.com/Neo23x0/yarGen) - yarGen is a generator for YARA rules.
- [mandiant/ioc_writer](https://github.com/mandiant/ioc_writer) - Provide a python library that allows for basic creation and editing of OpenIOC objects.
- [yahoo/PyIOCe](https://github.com/yahoo/PyIOCe) - Python IOC Editor.
- [ninoseki/mitaka](https://github.com/ninoseki/mitaka#downloads) - Browser extension to look up IoCs/observables on many sources.

### IOC Formats

- [MISP Malware Information Sharing Platform & Threat Sharing format](https://github.com/MISP/misp-rfc) - Specifications used in the MISP project including MISP core format.
- [Mitre Cyber Observable eXpression (CybOX™)](https://cyboxproject.github.io/) - This site contains archived CybOX documentation.
- [Mitre Malware Attribute Enumeration and Characterization (MAEC™)](https://maecproject.github.io/) - A schema for understanding malware.
- [Mitre Structured Threat Information eXpression (STIX™)](https://stixproject.github.io/) - A structured language for cyber threat intelligence.
- [Yara](https://virustotal.github.io/yara/) - The pattern matching swiss knife for malware researchers (and everyone else).
- [mandiant/OpenIOC_1.1](https://github.com/mandiant/OpenIOC_1.1) - This repository contains a revised schema, iocterms file, and other supporting documents which are the basis for a draft of a revised version of OpenIOC that we are calling OpenIOC 1.1.

## License

This content uses the CC0 1.0 Universal (CC0 1.0) Public Domain Dedication license.