Question 1

How do I download all APTnotes reports at once?

Accepted Answer

Use the scripts in the separate APTnotes/tools repository, which handle authentication and bulk download from Box. The README references this under 'How can I download all the reports from Box?' with a link to the tools repo.

Question 2

APTnotes vs MITRE ATT&CK for APT research?

Accepted Answer

APTnotes is a curated archive of real-world reports and blogs, providing historical context and source material. MITRE ATT&CK is a framework for categorizing adversary tactics and techniques. Use APTnotes for raw data and MITRE ATT&CK for structured analysis and mapping.

Question 3

How to contribute a new APT report to APTnotes?

Accepted Answer

Notify via Twitter with #aptnotes, contact @aptnotes directly, or create a GitHub issue using the provided template. If the report is HTML, convert it to a clean PDF first, as per the contribution guidelines in the README.

Question 4

What tools can I build with APTnotes data?

Accepted Answer

You can integrate it into threat intelligence platforms, dashboards, or research tools for trend analysis. For example, Threat Miner consumes this data, and the structured CSV/JSON format allows easy parsing with languages like Python or JavaScript.

Question 5

Is APTnotes data updated regularly?

Accepted Answer

Updates are irregular and community-dependent, with no fixed schedule. Check the GitHub repository for recent commits or issues to see new additions, as there's no automated pipeline for real-time updates.

Question 6

How to parse APTnotes JSON in Python for analysis?

Accepted Answer

Use Python's json module to load the APTnotes.json file, then process the list of dictionaries containing metadata. For example, you can filter by year or source to analyze specific APT groups or time periods.

APT Notes

What is APT Notes?

Overview

Use Cases

Best For

Related Projects

Found a gem we're missing?

Not Ideal For

Pros & Cons

Pros

Cons

Frequently Asked Questions