Threat Analysis

A threat intelligence platform that monitors, analyzes, and provides detailed information about threat actors targeting non-human identities across various industries.

A threat intelligence aggregation service that consolidates and summarizes security updates from multiple sources to provide comprehensive cybersecurity situational awareness.

A Python library that provides an interface to query ThreatCrowd's API for threat intelligence data including email, IP, domain, and antivirus reports with built-in caching capabilities.

PyIOCe is a Python-based OpenIOC editor that enables security professionals to create, edit, and manage Indicators of Compromise for threat intelligence and incident response operations.

A web-based visualization tool for navigating and annotating MITRE ATT&CK matrices to support threat analysis, defensive planning, and security coverage assessment.

A comprehensive library documenting Amazon S3 attack scenarios and risk-based mitigation strategies for cloud storage security.

PyIntelOwl is a Python SDK and CLI client for interacting with IntelOwl's threat intelligence API to submit files and observables for automated security analysis.

MISP is an open source threat intelligence platform that enhances threat information sharing and analysis.

A community-driven informational repository providing resources and guidance for hunting adversaries in IT environments.

OSTrICa is an open source plugin-based framework that collects and visualizes threat intelligence data from various sources to help cybersecurity professionals correlate IoCs and enhance their defensive capabilities.

CyberOwl aggregates and summarizes daily security advisories from multiple CERT organizations and threat intelligence sources into consolidated reports.

A curated collection of companies that have publicly disclosed adversary tactics, techniques, and procedures following security breaches.

ThreatNote is a threat intelligence platform that provides real-time updates on emerging cybersecurity threats, vulnerabilities, and attack vectors to help organizations enhance their security posture.

A tool that generates Yara rules for strings and their XOR encoded versions, as well as base64-encoded variations with different padding possibilities.

A visualization tool for threat analysis that organizes APT campaign information and visualizes relations of IOC.

Repository containing MITRE ATT&CK and CAPEC threat intelligence datasets formatted in STIX 2.0 standard for cybersecurity analysis and threat intelligence sharing.

Machine learning project for intuitive threat analysis with a web interface.

A tool that checks if domains are present in Alexa or Cisco top one million domain lists for reputation assessment and threat analysis.

Educational resource analyzing the structure and implementation of malicious packages in software ecosystems, with focus on JavaScript/NPM threat models.

CAPA is a static analysis tool that detects and reports capabilities in executable files across multiple formats, mapping findings to MITRE ATT&CK tactics and techniques.

A publicly available dataset of security incidents designed to support cybersecurity research and threat analysis.

Open-source observable analysis engine and companion tool for TheHive platform

ActorTrackr is an open source web application for storing, searching, and linking threat actor intelligence data from public repositories and user contributions.

Capa is a malware analysis tool that detects capabilities in executable files by analyzing PE, ELF, .NET modules, shellcode, and sandbox reports to identify potential malicious behaviors with ATT&CK framework mapping.