Threat intel analyst tracking adversaries where they operate — from intrusion tooling and MITRE ATT&CK TTPs to ransom notes and negotiation chats.
I break things to understand how they work. Sometimes they talk back.
Repository of a threat intel analyst who tries to help the world be a better place...
┌─────────────────────────────────────────────────────────────┐
│ THREAT ACTORS · RANSOMWARE · MITRE ATT&CK · DFIR │
│ IoCs · CVEs · Behavioral CTI · Extortion Lifecycle │
└─────────────────────────────────────────────────────────────┘
| Area | Focus |
|---|---|
| Threat Actors | Profiles, history & trajectory |
| Ransomware | Groups, affiliates & extortion |
| MITRE ATT&CK | TTP mapping & kill chain |
| DFIR / CTI | Commands, artifacts & IoCs |
Open-source knowledge base mapping Tactics, Techniques & Procedures of ransomware operators and threat actors — aligned with MITRE ATT&CK, including group history, exploited CVEs, commands, tools, and artifact locations.
Used by projects like RANSOMWARE.LIVE and the wider CTI community.
Behavioral CTI profiles of ransomware negotiation chats — how each threat actor talks, pressures, and closes deals. 25 actor profiles derived from Ransomchats, cross-referenced with ThreatLabz, RTM, and ThreatActors-TTPs.
| T-7d → T-1h | T+0 | T+N |
|---|---|---|
| RTM + crocodyli | ThreatLabz | RansomDialect |
| (intrusion/hunt) | (ransom note) | (negotiation chat) |
Analytics, tools, and automation from CSIRT Forum presentations (2023–2024). Insights on malware operations, IoCs, TTPs, and sandboxing — bridging the Brazilian security community with practical CTI resources.
Contributions are always welcome — whether it's a new TTP mapping, a CVE reference, or a negotiation profile.
| Project | How to contribute |
|---|---|
| ThreatActors-TTPs | Open an issue or PR with actor profiles, TTPs, or CVE data |
| RansomDialect | Help expand behavioral profiles and cross-references |
| BR-Forum-CSIRTs | Share tools and techniques from the community |