Welcome to The Hunter’s Ledger — a repository of original threat intelligence research produced by a solo analyst and published for the defender community. Every report here starts with hands-on malware analysis and ends with structured, evidence-based intelligence: technically deep enough to trust, clear enough to act on. The mission isn’t just to document findings — it’s to publish them while they’re still relevant, before the threats they describe are already yesterday’s problem.

Feel free to contribute or reach out with information, questions, or suggestions!


Mission

These are the principles behind every piece of work on this site:

  • Share reproducible research and technical reports from my own investigations and hunting
  • Provide IOCs formatted for direct ingestion into threat hunting and detection engineering workflows
  • Map findings to MITRE ATT&CK techniques to give defenders a common language for what they’re looking at
  • Publish detection logic — Sigma, YARA, Suricata — written to public repository submission standards
  • Above all, publish findings while they’re still relevant, not months after threats are already active

Note: This is not a collection of open source intel reports, IOCs, or TTPs.
Findings come from my own research as well as from others who contribute, though they may overlap with known threats.
Looking for an open source collection? Let me know; I can point you to sources or help you learn how to build your own.


About Me


Behind the Reports

Curious about how the intelligence on this site is produced? This page explains the AI-assisted workflow built to turn malware analysis into timely, trustworthy threat intelligence — including the agents, skill frameworks, hooks, and design principles behind every report.


Repository Structure

  • Reports → Detailed malware analysis and reverse engineering notes. License: All Rights Reserved — free to read, but reuse requires written permission.

  • Hunting Detections → Sigma/YARA rules and detection logic. License: Creative Commons BY-NC — free to use in your environment, but not for commercial use.

  • IOC Feeds → Indicators of Compromise feeds. License: Creative Commons BY-NC — free to use in your environment, but not for commercial use.

  • Report Templates → Consistent format for reports


Report Format

Each report follows a consistent structure: Report Templates


Usage

  • Import IOC feeds into your SIEM/EDR and threat hunting workflows
  • Adapt the detection logic for your environment or use it as-is for quick hunts
  • Use ATT&CK mappings for threat modeling or attack simulation
  • Reference reverse engineering notes for deeper analysis
  • Import into your CTI platform of choice

Contributing

Contributions are welcome!

  • Fork the repo and submit a PR with new reports, detections, or IOCs.
  • Follow the report format for consistency.
  • Or simply reach out to me and we can discuss — I can post something on your behalf as a co-author.

Resources


License

License for Reports Section

© 2025 Joseph. All rights reserved.
The reports in Reports are made publicly available for reading and reference purposes only.
They may not be reproduced, redistributed, modified, or incorporated into other projects without prior written permission from the author.

Permissions

  • You may view and reference the reports for personal or organizational research.
  • You may cite the reports in academic or professional work with proper attribution.

Restrictions

  • Redistribution of the reports in whole or in part is prohibited without written consent.
  • Commercial use, including incorporation into products, services, or paid publications, is prohibited without written consent.
  • Modification or derivative works based on these reports are prohibited without written consent.

License for Detections and IOCs Sections

The detection rules in Hunting Detections and IOC feeds in IOC Feeds are licensed under the Creative Commons Attribution-NonCommercial 4.0 International (CC BY-NC 4.0) license.

Permissions

  • You are free to use, adapt, and share the detection rules and IOC feeds for non-commercial purposes.
  • You must provide appropriate attribution to the author when using or adapting the work.

Restrictions

  • Commercial use is prohibited. You may not sell, license, or incorporate these detections/IOCs into paid products or services without prior written permission.
  • Redistribution must include attribution and a link back to this repository.

Attribution

Please credit as:
“Threat Intelligence Reports by Joseph” (https://github.com/PixelatedContinuum/Threat-Intel-Reports/)