crocodyli crocodyli

🐊 About

Threat intel analyst tracking adversaries where they operate — from intrusion tooling and MITRE ATT&CK TTPs to ransom notes and negotiation chats.

I break things to understand how they work. Sometimes they talk back.

Repository of a threat intel analyst who tries to help the world be a better place...

🎯 Focus Areas

  ┌─────────────────────────────────────────────────────────────┐
  │  THREAT ACTORS  ·  RANSOMWARE  ·  MITRE ATT&CK  ·  DFIR    │
  │  IoCs  ·  CVEs  ·  Behavioral CTI  ·  Extortion Lifecycle  │
  └─────────────────────────────────────────────────────────────┘

🕵️

Threat Actors
_{Profiles, history & trajectory}

🔒

Ransomware
_{Groups, affiliates & extortion}

🛡️

MITRE ATT&CK
_{TTP mapping & kill chain}

🔍

DFIR / CTI
_{Commands, artifacts & IoCs}

📂 Featured Repositories

🗂️ ThreatActors-TTPs

Open-source knowledge base mapping Tactics, Techniques & Procedures of ransomware operators and threat actors — aligned with MITRE ATT&CK, including group history, exploited CVEs, commands, tools, and artifact locations.

Used by projects like RANSOMWARE.LIVE and the wider CTI community.

💬 RansomDialect

Behavioral CTI profiles of ransomware negotiation chats — how each threat actor talks, pressures, and closes deals. 25 actor profiles derived from Ransomchats, cross-referenced with ThreatLabz, RTM, and ThreatActors-TTPs.

  T-7d → T-1h          T+0              T+N
  RTM + crocodyli  →  ThreatLabz  →  RansomDialect
  (intrusion/hunt)    (ransom note)    (negotiation chat)

🇧🇷 BR-Forum-CSIRTs

Analytics, tools, and automation from CSIRT Forum presentations (2023–2024). Insights on malware operations, IoCs, TTPs, and sandboxing — bridging the Brazilian security community with practical CTI resources.

🛠️ Stack & Frameworks

📊 GitHub Stats

🤝 Collaboration

Contributions are always welcome — whether it's a new TTP mapping, a CVE reference, or a negotiation profile.

Project	How to contribute
ThreatActors-TTPs	Open an issue or PR with actor profiles, TTPs, or CVE data
RansomDialect	Help expand behavioral profiles and cross-references
BR-Forum-CSIRTs	Share tools and techniques from the community

📡 Connect

_{📍 127.0.0.1 · For research, defense, and threat intelligence only.}

_{Built with curiosity. Maintained with purpose. 🐊}

Provide feedback

Saved searches

Use saved searches to filter your results more quickly