ThreatBook CTI Threat Intelligence Feeds Bundles
- IOC Bundle: This bundle includes curated domain and IP indicators (with ports where applicable) for compromise detection. It contains C&C addresses, malware distribution sites, fraud and phishing sites, crypto mining addresses, and DNS logs domains communicating with malware or threat actors/APT groups. Each indicator includes threat verdicts, threat labels (related malware, threat actors/groups, threat campaigns), and lifecycle times.
- IP Reputation Bundle: This bundle provides IP reputation context for inbound visitors. It includes IP addresses with threat verdicts, threat labels (asset category, malicious behaviors, network information), geolocations, and lifecycle times.
- Hash Feeds: This bundle provides newly identified malicious file hashes on a daily basis. Each feed package includes threat classification, threat name, verdict, and scan time information for reliable file-based detection.
- URL Feeds: This bundle provides newly identified malicious URLs on a daily basis. Each feed package includes verdict and scan time information to support automated URL detection and monitoring.
- Reports Feeds: This bundle provides newly published threat intelligence reports on a daily basis. Each feed package includes structured intelligence related to the reported incidents, such as associated threat actors, indicators, CVE information, MITRE ATT&CK techniques, victims, malware, and attack tools.
- Actors Feeds: This API provides threat actor intelligence as a full dataset. Each feed package includes foundational actor information, such as actor name, aliases, actor type, motivations, and other basic attributes.