anpa1200/CTI
CTI

Evidence-labeled cyber threat intelligence reports designed to become hunts, detections, pivots, and defensible assessments.

Demo

Add screenshots of one HTML report, the evidence-label rubric, and the template directory.

What This Is For

This repository is for CTI analysts, SOC leads, and detection engineers who need structured threat reports with explicit confidence discipline. Each report should make clear what is observed, reported, assessed, or claimed.

What It Produces

| Output | Use |
| --- | --- |
| PDF report | Formal reading and sharing |
| HTML report | Web review |
| Evidence labels | Claim discipline |
| Actor notes | Research continuity |
| Templates | Repeatable CTI production |

Reports

| Report | Format | Evidence model | Assessment confidence summary |
| --- | --- | --- | --- |
| Handala / Void Manticore | PDF + HTML | Observed / Reported / Assessed / Claimed | [user: confirm summary] |
| Sandworm / APT44 | PDF + HTML | Observed / Reported / Assessed / Claimed | [user: confirm summary] |
| MuddyWater / Seedworm | PDF + HTML | Observed / Reported / Assessed / Claimed | [user: confirm summary] |

Quick Start

```bash
git clone https://github.com/anpa1200/CTI.git
cd CTI
find . -maxdepth 3 -type f | sort
```

How It Works

```mermaid
flowchart LR
  Sources[Sources] --> Evidence[Evidence labeling]
  Evidence --> Assessment[Analytic assessment]
  Assessment --> Attack[ATT&CK mapping]
  Attack --> Detection[Hunts / detections]
  Detection --> Report[PDF / HTML report]
```
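The evidence-labeling and assessment stages above, together with the claim discipline described under "What This Is For", can be enforced mechanically. The following is an added example, not code from this repository: a small lint that checks every supporting claim carries one of the rubric's labels and a source, and that an assessment's confidence does not exceed what its strongest evidence supports. The label ordering, the confidence cap table, and all sample claims are this example's own assumptions.

```python
from dataclasses import dataclass, field

# Evidence labels a supporting claim may carry, weakest to strongest.
# "Assessed" is reserved for the analyst's own derived statement.
# Ordering is an assumption of this example, not a rule of the repository.
EVIDENCE_LABELS = ["Claimed", "Reported", "Observed"]
CONFIDENCE = ["low", "moderate", "high"]
# Assumed cap: highest confidence the strongest supporting label can justify.
MAX_CONFIDENCE = {"Claimed": "low", "Reported": "moderate", "Observed": "high"}


@dataclass
class Claim:
    text: str
    label: str
    source: str


@dataclass
class Assessment:
    statement: str          # the "Assessed" statement itself
    confidence: str
    claims: list = field(default_factory=list)


def lint_assessment(a: Assessment) -> list:
    """Return a list of findings; an empty list means the assessment passes."""
    findings = []
    if a.confidence not in CONFIDENCE:
        return [f"unknown confidence '{a.confidence}'"]
    if not a.claims:
        return ["assessment has no supporting claims"]
    strongest = "Claimed"
    for c in a.claims:
        if c.label not in EVIDENCE_LABELS:
            findings.append(f"claim '{c.text}' has unknown label '{c.label}'")
            continue
        if not c.source.strip():
            findings.append(f"claim '{c.text}' has no source")
        if EVIDENCE_LABELS.index(c.label) > EVIDENCE_LABELS.index(strongest):
            strongest = c.label
    allowed = MAX_CONFIDENCE[strongest]
    if CONFIDENCE.index(a.confidence) > CONFIDENCE.index(allowed):
        findings.append(f"confidence '{a.confidence}' exceeds '{allowed}' "
                        f"allowed by strongest label '{strongest}'")
    return findings


# Constructed sample: a self-attribution post alone should not yield high confidence.
SAMPLE = Assessment("Activity is attributable to the actor", "high", [
    Claim("Actor posted responsibility", "Claimed", "constructed channel post")])
if __name__ == "__main__":
    print("\n".join(lint_assessment(SAMPLE)) or "ok")
```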

Coverage

| Area | Coverage |
| --- | --- |
| Actors | Handala / Void Manticore, Sandworm / APT44, MuddyWater / Seedworm |
| Labels | Observed, Reported, Assessed, Claimed |
| Outputs | PDF, HTML, templates |
| Use case | CTI, SOC handoff, detection planning |

Related Sites And Articles

How To Cite

Use the report title, repository URL, commit hash, and access date. See CITATION.cff.

Research Charter

See RESEARCH-CHARTER.md.

Limitations And Honesty

Public-source CTI is bounded by available reporting. Reports should not overstate attribution beyond evidence quality.

License

CC BY 4.0 recommended for reports and prose.

Security Policy

See SECURITY.md.

About

Evidence-labeled cyber threat intelligence reports and templates for actor research, attribution, hunting, and detection engineering.