APTnotes data

Quick Overview

The aptnotes/data repository is a collection of data files related to Advanced Persistent Threat (APT) groups, including information about their activities, targets, and tools. This repository serves as a valuable resource for researchers, security professionals, and anyone interested in understanding the threat landscape of APT groups.

Pros

  • Comprehensive Data: The repository contains a wide range of data files covering various aspects of APT groups, providing a comprehensive overview of the threat landscape.
  • Regularly Updated: The repository is actively maintained, with new data and updates being added on a regular basis, ensuring the information remains current.
  • Diverse Formats: The data is available in various formats, including CSV, JSON, and XML, making it accessible to users with different data processing requirements.
  • Community-Driven: The repository is a collaborative effort, with contributions from security researchers and professionals, ensuring the data is reliable and accurate.

Cons

  • Potential Bias: As the data is collected from various sources, there may be some inherent bias or inconsistencies in the information.
  • Limited Context: While the data provides detailed information about APT groups, it may lack the broader context and analysis that could help users better understand the implications and significance of the data.
  • Accessibility: The repository may not be easily accessible or user-friendly for individuals without a strong background in cybersecurity or data analysis.
  • Legal Considerations: The use of the data may be subject to legal or ethical considerations, particularly when it comes to the privacy and security of the individuals or organizations involved.

Getting Started

To get started with the aptnotes/data repository, you can follow these steps:

  1. Clone the repository to your local machine:

     git clone https://github.com/aptnotes/data.git

  2. Explore the directory structure and familiarize yourself with the available data files. The repository is organized into various subdirectories, each containing data related to specific APT groups or topics.

  3. Determine the data format(s) that best suit your needs, whether it's CSV, JSON, or XML.

  4. Use your preferred data processing tools or programming languages to read and analyze the data. For example, you can use Python's pandas library to work with the CSV files:

     import pandas as pd

     # Load the CSV summary file from the cloned repository
     df = pd.read_csv('data/APTnotes.csv')

     # Explore the data (df.info() prints its own summary)
     print(df.head())
     df.info()

  5. Combine the data from multiple files or sources to gain a more comprehensive understanding of the APT landscape.

  6. Stay up-to-date with the repository by regularly checking for new updates and contributions.

Remember to always use the data responsibly and in compliance with any applicable laws and regulations.

Competitor Comparisons

Cyber Threat Intelligence Repository expressed in STIX 2.0

Pros of mitre/cti

  • Comprehensive coverage of threat actor groups, malware, and attack techniques
  • Structured data format (STIX) for easy integration with security tools
  • Active community contributions and updates

Cons of mitre/cti

  • Complexity of the STIX format may be a barrier for some users
  • Limited support for non-English languages
  • Potential for outdated information due to the dynamic nature of the threat landscape

Code Comparison

mitre/cti (STIX):

{
    "type": "threat-actor",
    "id": "threat-actor--8e2e2d2b-17d4-4cbf-938f-98ee46b3cd3f",
    "created": "2014-06-23T00:00:00.000Z",
    "modified": "2014-06-23T00:00:00.000Z",
    "name": "Adversary Bravo",
    "description": "Adversary Bravo is a threat actor group that focuses on espionage activities."
}

aptnotes/data (CSV):

name,type,description,references
Adversary Bravo,Threat Actor,Adversary Bravo is a threat actor group that focuses on espionage activities.,https://example.com/adversary-bravo

MISP (core software) - Open Source Threat Intelligence and Sharing Platform

Pros of MISP

  • MISP is a comprehensive threat intelligence platform that allows for the sharing and analysis of cyber threat information.
  • MISP has a large and active community of users and contributors, providing a wealth of resources and support.
  • MISP offers a wide range of features, including event management, taxonomies, and correlation capabilities.

Cons of MISP

  • MISP can have a steeper learning curve compared to the more straightforward aptnotes/data repository.
  • MISP may require more resources (e.g., server infrastructure) to set up and maintain, compared to the simpler aptnotes/data.

Code Comparison

MISP:

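from pymisp import PyMISP, MISPEvent
from keys import misp_url, misp_key  # local keys.py holding the instance URL and API key

# Connect to the MISP instance
misp = PyMISP(misp_url, misp_key, debug=True)

# Build an event, mark it as published, and send it to the server
event = MISPEvent()
event.info = 'New event'
event.publish()
misp.add_event(event)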

aptnotes/data:

import csv

# APTnotes.csv columns: Filename, Title, Source, Link, SHA-1, Date, Year
with open('APTnotes.csv', newline='') as file:
    reader = csv.DictReader(file)
    for row in reader:
        print(row['Title'], row['Source'])

README

What is it?

APTnotes is a repository of publicly-available papers and blogs (sorted by year) related to malicious campaigns/activity/software that have been associated with vendor-defined APT (Advanced Persistent Threat) groups and/or tool-sets.

Where's that data?

In the original repo, we maintained an ongoing README with links to all of the reports in some form of (we tried) order. We also stored all of the reports in year-named folders within the repo itself (we ran out of room).

To solve the storage problem, we have moved everything over to Box (thanks Box!). In order to maintain chronological order (and our sanity) we have migrated to CSV and JSON summary file(s).

How can I download all the reports from Box?

Use one of the scripts within this repo: https://github.com/aptnotes/tools

APTnotes.csv

APTnotes.csv -- This is a CSV summary file used to keep track of all the data

Format

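| Filename         | Title               | Source | Link                   | SHA-1           | Date                   | Year            |
|------------------|---------------------|--------|------------------------|-----------------|------------------------|-----------------|
| Name of the file | Title of the report | Vendor | Box Link to the report | SHA-1 of report | Date of report release | Year of release |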

APTnotes.json

APTnotes.json -- This is a converted version of the CSV format

Format

Example

[{"sha1": "3e6399a4b608bbd99dd81bd2be4cd49731362b5e", "Title": "How China Will Use Cyber Warfare", "Filename": "Fritz_HOW-CHINA-WILL-USE-CYBER-WARFARE(Oct-01-08)", "Source": "Jason Fritz", "Link": "https://app.box.com/s/696xnzy1an3jbm3b212y5n8xieirbemd", "Year": "2008", "Date": "10/1/08"},
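As an added example (not code from the APTnotes project): one way to load either summary file and audit a folder of downloaded reports against the listed SHA-1 values. The function names and the four-digit-year fallback are assumptions; the sample record is the one from the README example above, closed into a valid array.

```python
import csv
import hashlib
import io
import json
from datetime import datetime
from pathlib import Path

# Constructed sample: the single README example record, closed into a valid JSON array.
SAMPLE_JSON = """[{"sha1": "3e6399a4b608bbd99dd81bd2be4cd49731362b5e",
 "Title": "How China Will Use Cyber Warfare",
 "Filename": "Fritz_HOW-CHINA-WILL-USE-CYBER-WARFARE(Oct-01-08)",
 "Source": "Jason Fritz",
 "Link": "https://app.box.com/s/696xnzy1an3jbm3b212y5n8xieirbemd",
 "Year": "2008", "Date": "10/1/08"}]"""

def parse_date(value):
    """Parse month/day/year; accepting a 4-digit year as well is an assumption."""
    for fmt in ("%m/%d/%y", "%m/%d/%Y"):
        try:
            return datetime.strptime((value or "").strip(), fmt).date()
        except ValueError:
            continue
    return None  # keep the record even when the date cannot be parsed

def load_manifest(text, fmt="json"):
    """Return {sha1_hex: record} from APTnotes.json or APTnotes.csv text."""
    rows = json.loads(text) if fmt == "json" else csv.DictReader(io.StringIO(text))
    manifest = {}
    for row in rows:
        rec = dict(row)
        # The JSON key is "sha1" and the CSV column is "SHA-1"; normalise both.
        digest = (rec.pop("SHA-1", None) or rec.pop("sha1", "")).strip().lower()
        rec["date"] = parse_date(rec.get("Date", ""))
        manifest[digest] = rec
    return manifest

def audit_directory(manifest, directory):
    """Hash every file under directory and compare it against the manifest."""
    seen, unknown = set(), []
    for path in sorted(Path(directory).rglob("*")):
        if not path.is_file():
            continue
        digest = hashlib.sha1(path.read_bytes()).hexdigest()
        if digest in manifest:
            seen.add(digest)
        else:
            unknown.append(path.name)  # not listed, or altered in transit
    missing = [rec["Title"] for d, rec in manifest.items() if d not in seen]
    return {"verified": len(seen), "unknown": unknown, "missing": missing}
```

A SHA-1 match is adequate for catching truncated or swapped downloads, but SHA-1 is not collision-resistant, so treat it as an integrity check rather than proof of origin.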

How can I help?

There are multiple ways to get a report added:

  • Notify us via Twitter using the hash tag #aptnotes
    • Example: new report by vendor on this group - link #aptnotes
  • Reach out to us directly
  • Create a new issue on Github including the data you want added (using the default issue template)
    • We created an issue template to take the guesswork out of things
      • If the document is only available in HTML, print a "clean" version (e.g. with Print Friendly or similar) to PDF

Why do we do it?

Like almost every open-source project, this is a labor of love. There are so many reports out there, and they either get lost in the mix or taken down before you get a chance to read them. This is our effort to:

  1. Make sure these lovely reports get consumed
  2. Ensure the people of #DFIR #infosec know what's out there
  3. Hopefully add some context to the chaos

How is this data being utilized?

At present (that we know of...) these current projects consume this repo and make magical things happen:

Thank You

This project would not be where it is without the people that have helped along the way, thank you contributors