Open-Awesome

APT Notes

A repository of publicly-available reports and blogs on APT (Advanced Persistent Threat) campaigns, activity, and software, organized by year.

What is APT Notes?

APTnotes is a repository that collects and organizes publicly-available papers, blogs, and reports related to APT (Advanced Persistent Threat) groups, campaigns, and tool-sets. It solves the problem of these reports being lost, taken down, or difficult to track over time by providing a structured, chronological archive with metadata. The data is available in CSV and JSON formats for easy integration and analysis.

Target Audience

Security researchers, DFIR (Digital Forensics and Incident Response) professionals, threat intelligence analysts, and infosec practitioners who need access to historical APT reports for investigation, context, or trend analysis.

Value Proposition

Developers and security teams choose APTnotes because it offers a centralized, community-maintained archive of APT-related reports that might otherwise disappear, ensuring long-term accessibility and supporting threat intelligence workflows without proprietary restrictions.

Use Cases

Best For

  • Researching historical APT campaigns and threat actor activity
  • Building threat intelligence platforms or feeds with structured APT data
  • Conducting digital forensics and incident response (DFIR) investigations
  • Analyzing trends in advanced persistent threats over time
  • Academic or security training on APT tactics and techniques
  • Integrating APT report metadata into security tools or dashboards

Not Ideal For

  • Projects requiring real-time, automated threat intelligence feeds for live monitoring
  • Teams needing detailed technical indicators of compromise (IOCs) like IPs or malware hashes beyond report metadata
  • Organizations seeking a web-based, interactive platform for non-technical analysts without programming skills

Pros & Cons

Pros

Structured Metadata Access

Provides CSV and JSON files with key metadata like title, source, link, and SHA-1 hash, making it easy to integrate into analysis tools without parsing full reports, as detailed in the README's format examples.

Chronological Organization

Data is sorted by year in summary files and folders, enabling researchers to track APT activity trends over time, a core feature emphasized in the repository's structure.

Community-Driven Curation

Accepts contributions via Twitter, direct contact, or GitHub issues with a template, ensuring the archive grows with community input, as specified in the 'How can I help?' section.

Long-term Preservation

Archives reports on Box to prevent loss or takedowns, addressing the problem of inaccessible resources mentioned in the project's philosophy and ensuring availability for future research.

Cons

External Storage Dependency

Relies on Box for report storage, requiring separate scripts from the APTnotes/tools repo for bulk downloads, which adds setup complexity and potential access issues if Box policies change.

Manual Update Process

Lacks an automated feed; updates depend on community submissions and manual curation via issues or social media, leading to possible delays in incorporating new reports.

Limited Data Scope

Focuses on report metadata without including raw IOCs or full-text content, which may not suffice for advanced threat hunting or projects needing deeper technical analysis.

Quick Stats

Stars: 1,785
Forks: 292
Contributors: 0
Open Issues: 33
Last commit: 1 year ago
Created: Since 2016

Tags

#infosec #dfir #malware-analysis #threat-intelligence #analysis #malware #cybersecurity #incident-response

Included in

Malware Analysis (13.6k)

Related Projects

Awesome Pentest

A collection of awesome penetration testing resources, tools and other shiny things

Stars: 25,932
Forks: 4,793
Last commit: 2 months ago

Awesome Hacking

A curated list of awesome Hacking tutorials, tools and resources

Stars: 16,188
Forks: 1,685
Last commit: 1 year ago

Security

A collection of awesome software, libraries, documents, books, resources and cools stuffs about security.

Stars: 14,247
Forks: 2,208
Last commit: 3 months ago

Awesome CTF

A curated list of CTF frameworks, libraries, resources and softwares

Stars: 11,475
Forks: 1,614
Last commit: 1 year ago