ThreatKB is a knowledge base workflow management dashboard for YARA rules and C2 artifacts. Rules are categorized and used to denote intent, severity, and confidence in accumulated artifacts. To start using ThreatKB, check out our wiki. Installing by Docker is the currently recommended way of setting up ThreatKB, directions are included as the first link in the wiki. Installation by source is included in the wiki as well. ThreatKB utilizes Plyara to parse YARA rules into Python dictionaries. A huge thank you to the Plyara team! When a release is created, the system first pulls all signatures that are in the release state. Then, it gathers all signatures that are in the staging state and checks their revision history for the most recently released revision that is in the release state. If it finds it, it will include it in the release. If it does not find any previously released revisions, it will
This tool is not verified yet and doesn't have listed features.
Did you submit the verified tool? Sign in to add features.
Are you the author? Claim the tool by clicking the icon above. After claiming, you can add features.
A project sharing malicious URLs used for malware distribution to help protect networks.
A collection of public YARA signatures for various malware families.
A platform providing real-time threat intelligence streams and reports on internet-exposed assets to help organizations monitor and secure their attack surface.
A nonprofit security organization that collects and shares threat data to make the Internet more secure.
yarAnalyzer creates statistics on a yara rule set and files in a sample directory, generating tables and CSV files, including an inventory feature.
A community-driven public malware repository providing access to malware samples, tools, and resources for the cybersecurity community.