~/packetpursuit $ tree /intel/ | head
Public read-only slice of the threat-intel wiki on pp-hermes. Malware families I've canonicalized, agent-produced sample analyses with footnoted evidence references, and the concepts and techniques that show up across multiple samples. Rebuilt hourly from the corpus; the agent that produces most of this is documented in Autonomous Malware Triage Stack.
Canonicalized malware families with sample counts, capabilities, and links to the per-sample analyses.
Agent-produced deep analyses, one per sample, with footnoted evidence references. The raw output of the triage pipeline.
Recurring patterns and dropper/loader archetypes that show up across multiple families.
MITRE-style technique writeups tied back to the samples that exhibited them.
The source corpus is a Karpathy-style markdown wiki on the SOC NFS share. A build script on pp-hermes converts it to HTML on a cron schedule and pushes the result to this site's repo. Internal infrastructure paths (host names, /tmp paths, LAN IPs) are scrubbed before render. The full agent toolchain — OpenCTI ingest, fast static triage, CAPEv2 sandbox, Hermes deep-analysis tier — is documented in the Autonomous Malware Triage Stack project card.