
InQuest / ThreatKB

Licence: GPL-2.0 License
Knowledge base workflow management for YARA rules and C2 artifacts (IP, DNS, SSL) (ALPHA STATE AT THE MOMENT)

Programming Languages

javascript
184084 projects - #8 most used programming language
python
139335 projects - #7 most used programming language
HTML
75241 projects
CSS
56736 projects
shell
77523 projects
Dockerfile
14818 projects

Projects that are alternatives of or similar to ThreatKB

yarasploit
YaraSploit is a collection of Yara rules generated from Metasploit framework shellcodes.
Stars: ✭ 31 (-54.41%)
Mutual labels:  yara, yara-rules, yara-signatures
Malware Indicators
Citizen Lab Malware Reports
Stars: ✭ 196 (+188.24%)
Mutual labels:  malware-research, yara
Awesome Yara
A curated list of awesome YARA rules, tools, and people.
Stars: ✭ 1,394 (+1950%)
Mutual labels:  malware-research, yara
Judge-Jury-and-Executable
A file system forensics analysis scanner and threat hunting tool. Scans file systems at the MFT and OS level and stores data in SQL, SQLite or CSV. Threats and data can be probed harnessing the power and syntax of SQL.
Stars: ✭ 66 (-2.94%)
Mutual labels:  yara, yara-rules
Yargen
yarGen is a generator for YARA rules
Stars: ✭ 795 (+1069.12%)
Mutual labels:  malware-research, yara
Rpot
Real-time Packet Observation Tool
Stars: ✭ 38 (-44.12%)
Mutual labels:  malware-research, yara
PhishingKit-Yara-Search
Yara scan Phishing Kit's Zip archive(s)
Stars: ✭ 24 (-64.71%)
Mutual labels:  yara, yara-rules
Python Iocextract
Defanged Indicator of Compromise (IOC) Extractor.
Stars: ✭ 300 (+341.18%)
Mutual labels:  malware-research, yara
binlex
A Binary Genetic Traits Lexer Framework
Stars: ✭ 303 (+345.59%)
Mutual labels:  malware-research, yara
yara-forensics
Set of Yara rules for finding files using magics headers
Stars: ✭ 115 (+69.12%)
Mutual labels:  yara, yara-rules
factual-rules-generator
Factual-rules-generator is an open source project which aims to generate YARA rules about installed software from a machine.
Stars: ✭ 62 (-8.82%)
Mutual labels:  yara, yara-rules
Multiscanner
Modular file scanning/analysis framework
Stars: ✭ 494 (+626.47%)
Mutual labels:  malware-research, yara
Threatingestor
Extract and aggregate threat intelligence.
Stars: ✭ 439 (+545.59%)
Mutual labels:  malware-research, yara
Apkid
Android Application Identifier for Packers, Protectors, Obfuscators and Oddities - PEiD for Android
Stars: ✭ 999 (+1369.12%)
Mutual labels:  malware-research, yara
Stoq
An open source framework for enterprise level automated analysis.
Stars: ✭ 352 (+417.65%)
Mutual labels:  malware-research, yara
PEiD
Yet another implementation of PEiD with yara
Stars: ✭ 12 (-82.35%)
Mutual labels:  yara, yara-rules
yara-validator
Validates yara rules and tries to repair the broken ones.
Stars: ✭ 37 (-45.59%)
Mutual labels:  yara, yara-rules
freki
🐺 Malware analysis platform
Stars: ✭ 327 (+380.88%)
Mutual labels:  malware-research, yara
Freki
🐺 Malware analysis platform
Stars: ✭ 285 (+319.12%)
Mutual labels:  malware-research, yara
threat-intel
Signatures and IoCs from public Volexity blog posts.
Stars: ✭ 130 (+91.18%)
Mutual labels:  yara, yara-rules

NOTE: THIS REPO IS IN AN ALPHA STATE

ThreatKB is a knowledge base workflow management dashboard for Yara rules and C2 artifacts. Rules are categorized and used to denote intent, severity, and confidence on accumulated artifacts.

To start using ThreatKB, follow our guide.


Installing with Docker is currently the recommended way to set up ThreatKB; the directions are the first link in the wiki. Installation from source is covered in the wiki as well.


Thank You

ThreatKB uses Plyara to parse YARA rules into Python dictionaries. A huge thank you to the Plyara team! Links to the project are below:

https://github.com/8u1a/plyara
https://github.com/8u1a/plyara/blob/master/LICENSE

When a release is created, the system first pulls all signatures that are in the release state. Then it gathers all signatures that are in the staging state and walks each one's revision history for the most recent revision that is in the release state. If such a revision exists, that revision is included in the release; if no previously released revision is found, the signature is skipped.
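The following is an added example of the release-selection logic described above; it is illustrative code written for this page, not ThreatKB's own implementation. The `Signature` and `Revision` shapes, the state names `release`/`staging`/`draft` (the `draft` state in particular is a hypothetical extra state used only to show that it is ignored), and the sample signatures are all constructed assumptions.

```python
from dataclasses import dataclass
from typing import List, Optional, Tuple

# State names are assumptions for this example, not ThreatKB's actual values.
RELEASE = "release"
STAGING = "staging"
DRAFT = "draft"  # hypothetical third state, present only to show it is not released


@dataclass
class Revision:
    number: int      # monotonically increasing revision number
    state: str       # state the signature was in when this revision was saved
    rule_text: str   # the YARA rule text at that revision


@dataclass
class Signature:
    name: str
    state: str                 # the signature's current state
    revisions: List[Revision]  # full history, oldest first


def latest_released_revision(sig: Signature) -> Optional[Revision]:
    """Walk the history from newest to oldest and return the first revision
    that was saved in the release state, or None if the signature was never
    released."""
    for rev in sorted(sig.revisions, key=lambda r: r.number, reverse=True):
        if rev.state == RELEASE:
            return rev
    return None


def build_release(signatures: List[Signature]) -> Tuple[List[Tuple[str, int]], List[str]]:
    """Select what goes into a release.

    Returns (included, skipped): `included` is a list of (signature name,
    revision number) pairs, `skipped` the names of staging signatures that
    have no previously released revision to fall back on."""
    included: List[Tuple[str, int]] = []
    skipped: List[str] = []
    for sig in signatures:
        if sig.state == RELEASE:
            # Signatures already in the release state ship at their newest revision.
            newest = max(sig.revisions, key=lambda r: r.number)
            included.append((sig.name, newest.number))
        elif sig.state == STAGING:
            # Staging signatures ship the last revision that was released,
            # so in-progress edits never reach the release.
            prior = latest_released_revision(sig)
            if prior is None:
                skipped.append(sig.name)
            else:
                included.append((sig.name, prior.number))
        # Any other state (e.g. the hypothetical draft) is not part of a release.
    return included, skipped


# Constructed sample data covering each branch of the logic.
SAMPLE_SIGNATURES = [
    Signature("rule_a", RELEASE, [
        Revision(1, RELEASE, 'rule a { strings: $s = "v1" condition: $s }'),
        Revision(2, RELEASE, 'rule a { strings: $s = "v2" condition: $s }'),
    ]),
    Signature("rule_b", STAGING, [
        Revision(1, RELEASE, 'rule b { strings: $s = "v1" condition: $s }'),
        Revision(2, STAGING, 'rule b { strings: $s = "v2-wip" condition: $s }'),
    ]),
    Signature("rule_c", STAGING, [
        Revision(1, STAGING, 'rule c { strings: $s = "never-released" condition: $s }'),
    ]),
    Signature("rule_d", DRAFT, [
        Revision(1, DRAFT, 'rule d { condition: false }'),
    ]),
]


def release_sample() -> Tuple[List[Tuple[str, int]], List[str]]:
    """Run the selection over the constructed sample set."""
    return build_release(SAMPLE_SIGNATURES)


if __name__ == "__main__":
    included, skipped = release_sample()
    print("included:", included)  # [('rule_a', 2), ('rule_b', 1)]
    print("skipped:", skipped)    # ['rule_c']
```

Note the edge case this makes visible: `rule_b` is in staging with an unreleased second revision, and the release carries its revision 1 rather than the in-progress text, while `rule_c` has never been released and so contributes nothing. Anyone reviewing a release can diff the returned (name, revision) pairs against the previous release to see exactly which rules moved.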
