Silvia Sebastián
Projects
WhoseDomain
Python command-line tool to attribute domains and websites, i.e., to identify the entity that owns the domain or website. Given a domain name, if the WHOIS record does not identify a valid owner, it tries to identify websites hosted on the domain and analyzes their infrastructure and web content to determine the identity of the owner.
Tool
IOC Searcher
Python tool to extract indicators of compromise (IOCs), also known as cyber observables, from HTML, PDF, and text files. It can identify both defanged (e.g., URL hxxp://example[DOT]com) and unmodified IOCs (e.g., URL http://example.com).
Code
Retriever
A cross-platform and cross-market attribution framework to identify developer accounts in mobile markets that belong to an operation. This approach automatically applies OSINT expansions to build an attribution graph that captures the indicators and how they were discovered, preserving the chain of inferences. Retriever finds more accounts than AV vendors (that use conventional methods) in 94% of the cases.
Poster
AVClass
Malware labeling tool that extracts tags from malware samples, enabling rich searches. It is open source and widely used by the community, with more than 500 references and 400 stars on GitHub.
Code
Cite