Collection of IOCs related to targeting of civil society. If you're interested, I also compile a list of Reports detailing attacks against activists, dissidents and journalists.
You will find a targeted.csv file containing the list of indicators, a disabled.csv which contains incomplete indicators, and targetedthreats.rules which contains usable Snort rules generated from the indicators list.
The utility snortify.py is used to generate the Snort rules.
The utility extract.py extracts the list of IPs and/or domains from the indicators file:

    usage: extract.py [-h] [--all] [--ip] [--domains] ioc_path

    Targeted Threats IOC Extractor

    positional arguments:
      ioc_path

    optional arguments:
      -h, --help     show this help message and exit
      --all, -a      Get all indicators
      --ip, -i       Get only IP addresses
      --domains, -d  Get only domains
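As an added illustration (not the repository's snortify.py or extract.py), this Python sketch shows how IP and domain indicators can be told apart and turned into Snort rules, covering both the rule generation and the extraction described above. The two-column CSV layout, the rule messages and the SID range are assumptions, and the sample rows are constructed.

```python
import csv
import io
import ipaddress
import re

# Constructed sample. The "type,indicator" layout is an assumption, not the
# real schema of targeted.csv; values use documentation-reserved names/ranges.
SAMPLE_CSV = """type,indicator
domain,updates.example.org
ip,203.0.113.45
domain,Login.Example.NET
domain,bad.example";sid:1
"""

# Feed values end up inside rule text, so accept only plain hostname labels.
LABEL = re.compile(r"^[a-z0-9_]([a-z0-9_-]{0,61}[a-z0-9_])?$")

def dns_content(domain):
    """Encode a domain as length-prefixed DNS labels for a content match."""
    labels = domain.lower().strip(".").split(".")
    if len(labels) < 2 or not all(LABEL.match(label) for label in labels):
        raise ValueError("not a plain domain: %r" % domain)
    return "".join("|%02X|%s" % (len(label), label) for label in labels) + "|00|"

def make_rules(csv_text, first_sid=1000001):
    """Return (rules, rejected) built from the indicator column (IPv4 only)."""
    rules, rejected = [], []
    for row in csv.DictReader(io.StringIO(csv_text)):
        value = (row.get("indicator") or "").strip()
        sid = first_sid + len(rules)
        try:
            addr = ipaddress.IPv4Address(value)
            rules.append('alert ip $HOME_NET any -> %s any (msg:"Targeted '
                         'threat IOC IP %s"; sid:%d; rev:1;)' % (addr, addr, sid))
            continue
        except ValueError:
            pass  # not an IPv4 address; try it as a domain
        try:
            # Matches the query name in DNS over UDP; nocase covers mixed-case queries.
            rules.append('alert udp $HOME_NET any -> any 53 (msg:"Targeted '
                         'threat IOC DNS query %s"; content:"%s"; nocase; sid:%d; '
                         'rev:1;)' % (value.lower(), dns_content(value), sid))
        except ValueError:
            rejected.append(value)  # malformed value: never written into a rule
    return rules, rejected

if __name__ == "__main__":
    print("\n".join(make_rules(SAMPLE_CSV)[0]))
```

The last sample row is rejected rather than written into a rule, because a quote or semicolon in an indicator would otherwise alter the rule's options.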
The file samples.csv contains a list of file hashes extracted from all the collected reports.
The source code in this repository is licensed under BSD 3-Clause and copyrighted by Claudio Guarnieri.
The list of indicators is licensed under CC BY-SA 4.0.