30 open-source projects similar to aptnotes/data, ranked by how many features they have in common. Compare stars, activity and what each one does to find the best aptnotes/data alternative.
This project is a community-curated repository of YARA rules used to detect malware, webshells, and other malicious patterns in files. It serves as a dataset of signatures for identifying known malware families, software packers, and threat intelligence indicators. The collection provides specialized detection capabilities for identifying exploit kits and anti-analysis evasion techniques, such as anti-debugging and anti-virtualization methods. It also includes signatures for cryptographic algorithm detection and the identification of unauthorized remote administration tools on servers. The r
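To make two of the signature categories in that description concrete (anti-debugging API usage and cryptographic constant detection), here is an added example rule file. It is not taken from the YARA rules repository described above or from aptnotes/data; the rule names, metadata and the two-of-four import threshold are choices made for this illustration.

```yara
// Added example, not part of the repository described above.
// Two small rules in the style of community YARA collections.

rule Example_AntiDebug_Imports
{
    meta:
        description = "PE file referencing several debugger-detection APIs (illustrative rule)"
    strings:
        // Names of Win32/NT APIs commonly used to detect an attached debugger.
        $a1 = "IsDebuggerPresent" ascii
        $a2 = "CheckRemoteDebuggerPresent" ascii
        $a3 = "NtQueryInformationProcess" ascii
        $a4 = "OutputDebugStringA" ascii
    condition:
        // 'MZ' header, and at least two of the API names present.
        // Threshold of two is an assumption to cut noise from programs that
        // legitimately reference a single one of these functions.
        uint16(0) == 0x5A4D and 2 of ($a*)
}

rule Example_SHA256_Constants
{
    meta:
        description = "SHA-256 initial hash values H0..H3 embedded as little-endian dwords (illustrative rule)"
    strings:
        // 0x6a09e667, 0xbb67ae85, 0x3c6ef372, 0xa54ff53a in little-endian byte order,
        // as an x86 compiler lays out a 32-bit constant table.
        $h0 = { 67 E6 09 6A }
        $h1 = { 85 AE 67 BB }
        $h2 = { 72 F3 6E 3C }
        $h3 = { 3A F5 4F A5 }
    condition:
        all of them
}
```

Run with `yara -r example.yar <directory>`. The constant rule flags any binary with a SHA-256 implementation, including legitimate ones, so in a real collection it serves as a classification signal rather than a malware verdict; the anti-debugging rule has the same limitation with packed or protected commercial software.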
This project is a cybersecurity educational resource and courseware designed for malware analysis and reverse engineering. It provides a structured curriculum of lessons, labs, and guided projects focused on detecting and understanding the behavior of malicious software. The resource includes a lab guide for building isolated virtual machine environments to safely execute and study malware. It covers the setup of a specialized toolchain consisting of disassemblers and debuggers used to analyze compiled machine code. The training material covers both static analysis, which examines binary cod
This repository contains indicators related to Unit 42 Public Reports.
MISP is an open-source threat intelligence sharing platform designed for collecting, storing, and distributing structured threat indicators and intelligence. At its core, it provides a distributed synchronization protocol for transferring events between instances, an attribute-based correlation engine that links matching indicators across events, and a REST API with an OpenAPI specification for programmatic access to threat data. The platform uses formal data formats for JSON, taxonomy, galaxy, and object templates to enable compatibility across tools and communities. The platform distinguish
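The attribute-based correlation described above is easy to misunderstand as something that needs the whole platform, so here is an added example of the core idea in Python. It is not MISP's own correlation engine; it uses a constructed, heavily simplified subset of the MISP event JSON shape (only `id`, `info` and an `Attribute` list with `type` and `value`) and treats two events as correlated when they share an attribute value, regardless of attribute type. The `exclusions` parameter is an assumption added to mirror the practitioner's need to suppress overly common values.

```python
"""Value-based correlation across MISP-style events (added example, not MISP code)."""
from collections import defaultdict

# Constructed sample events in a simplified MISP JSON shape. Real MISP events carry
# many more fields (uuid, timestamps, Orgc, Object, Tag, ...); only those used here
# are included. Indicator values use documentation ranges and a dummy hash.
SAMPLE_EVENTS = [
    {"id": "1", "info": "Phishing wave A",
     "Attribute": [
         {"type": "domain", "value": "login-portal.example"},
         {"type": "sha256", "value": "a" * 64},
         {"type": "ip-dst", "value": "198.51.100.7"},
     ]},
    {"id": "2", "info": "Downloader report",
     "Attribute": [
         {"type": "sha256", "value": "a" * 64},
         {"type": "ip-dst", "value": "203.0.113.9"},
     ]},
    {"id": "3", "info": "Scanning activity",
     "Attribute": [
         {"type": "ip-src", "value": "192.0.2.44"},
         {"type": "ip-dst", "value": "198.51.100.7"},
         {"type": "ip-dst", "value": "127.0.0.1"},
     ]},
    {"id": "4", "info": "Localhost artefact",
     "Attribute": [
         {"type": "ip-dst", "value": "127.0.0.1"},
     ]},
]

# Values too common to be meaningful links; assumption for the example.
DEFAULT_EXCLUSIONS = frozenset({"127.0.0.1"})


def build_index(events, exclusions=DEFAULT_EXCLUSIONS):
    """Map each attribute value to the set of event ids carrying it.

    Matching is on value only, so an ip-dst in one event links to an ip-src in
    another. Excluded values never enter the index.
    """
    index = defaultdict(set)
    for ev in events:
        for attr in ev.get("Attribute", []):
            value = attr["value"]
            if value in exclusions:
                continue
            index[value].add(ev["id"])
    return index


def correlate(events, exclusions=DEFAULT_EXCLUSIONS):
    """Return {event_id: {other_event_id: set_of_shared_values}}.

    Only events that share at least one non-excluded value appear as keys.
    """
    index = build_index(events, exclusions)
    links = defaultdict(lambda: defaultdict(set))
    for value, ids in index.items():
        if len(ids) < 2:
            continue
        for a in ids:
            for b in ids:
                if a != b:
                    links[a][b].add(value)
    return {src: dict(targets) for src, targets in links.items()}


def uncorrelated(events, exclusions=DEFAULT_EXCLUSIONS):
    """Sorted ids of events that share no non-excluded value with any other event."""
    linked = correlate(events, exclusions)
    return sorted(ev["id"] for ev in events if ev["id"] not in linked)


if __name__ == "__main__":
    for src, targets in sorted(correlate(SAMPLE_EVENTS).items()):
        for dst, shared in sorted(targets.items()):
            print(f"event {src} <-> event {dst}: shared {sorted(shared)}")
    print("uncorrelated:", uncorrelated(SAMPLE_EVENTS))
```

Without the exclusion set, event 4 would correlate with event 3 purely through 127.0.0.1, which is the kind of link that floods an analyst's view; that is why a value-level exclusion list matters as much as the matching itself, and why CIDR or fuzzy-hash matching (which this example does not attempt) needs the same noise control.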
Indicators of Compromise (IOCs) from our various investigations
A framework for receiving and redistributing abuse feeds
A self-hosted sandbox for red teams to test payloads against modern detection before deployment. MCP integration lets an LLM agent drive analysis end to end.
Collection of IOCs related to targeting of civil society.
Collection of android malware samples
Malwoverview is a first response tool for threat hunting across VirusTotal, Hybrid Analysis, URLHaus, Polyswarm, Malshare, Alien Vault, Malpedia, Malware Bazaar, ThreatFox, Triage, IPInfo, Shodan, AbuseIPDB, GreyNoise, URLScan.io, Whois/RDAP, NIST, and VulnCheck. Supports LLM enrichment, IOC extraction, YARA scanning, and Android analysis.
Real Intelligence Threat Analytics (RITA) is a framework for detecting command and control communication through network traffic analysis.
DRAKVUF Sandbox - automated hypervisor-level malware analysis system
IntelMQ is a solution for IT security teams for collecting and processing security feeds using a message queuing protocol.
Cyber Threat Intelligence Feeds
Contributed by Check Point Software Technologies LTD. Programmed by Yaraslau Harakhavik
Pics is a comprehensive reference library providing visual documentation for binary file structures, character encodings, processor instruction sets, and hardware architecture maps. It serves as a centralized resource for the dissection and analysis of diverse binary formats, including executables, images, and archives. The project specializes in mapping complex specifications into visual layouts. This includes the creation of schematic diagrams to explain the physical and logical organization of hardware components and the maintenance of a catalog for processor opcodes across multiple hardwa