This is the list of resources used by Maltiverse to collect threat intelligence data.

| Source name | Description | Type of IoC | Type of intelligence |
|---|---|---|---|
| Lancaster university | Lancaster University is a prominent academic institution that contributes to the field of cybersecurity through its research and development of threat intelligence, particularly in the area of indicators of compromise (IoCs). | URL | Malicious URL |
| Innovative Solutions | Innovative Solutions is a threat intelligence source that focuses on providing actionable insights and data related to cybersecurity threats, particularly through the analysis of indicators of compromise (IoCs). Specializing in advanced threat detection and response, Innovative Solutions leverages cutting-edge technologies and methodologies to identify emerging threats, malware behaviors, and vulnerabilities across various digital environments. | Sample | Generic Malware |
| ICANN InfoSec | ICANN InfoSec is a threat intelligence source that specializes in providing insights and data related to internet security, particularly focusing on domain name system (DNS) threats and vulnerabilities. | IP | Empire C&C |
| Cyberprotect | Cyberprotect is a threat intelligence source that specializes in providing comprehensive cybersecurity solutions and indicators of compromise (IoCs) to help organizations defend against a wide range of cyber threats. The platform focuses on monitoring and analyzing emerging threats, vulnerabilities, and attack vectors, offering actionable intelligence that enables businesses to detect, respond to, and mitigate risks effectively. | Hostname | Botnet C&C Malware distribution site Citadel Malicious domain ZeuS |
| CERT-EE | CERT-EE, the Computer Emergency Response Team for Estonia, is a national cybersecurity initiative that specializes in providing threat intelligence and incident response services to organizations and individuals in Estonia. The team focuses on monitoring, analyzing, and responding to cyber threats, including malware, phishing, and other malicious activities that could impact the security of information systems. | Hostname, URL | Phishing URL findings Phishing website for banking login credentials |
| UKHD | UKHD, or the UK Health Data, is a threat intelligence source that specializes in providing indicators of compromise (IoCs) and cybersecurity insights specifically tailored for the healthcare sector in the United Kingdom. | IP, Hostname, URL | Emotet Malicious URL DanaBot Gen:Application.Bundler.InstallIQ Gen:Variant.Bulz |
| Telefonica CO CSIRT | Telefónica CO CSIRT (Computer Security Incident Response Team) is a dedicated cybersecurity unit within Telefónica that specializes in providing threat intelligence and incident response services to its clients and the broader community. | IP | Botnet C&C DDoS attack Port Scan Brute-Force Hacking |
| 11Paths | 11Paths is a cybersecurity initiative developed by Telefónica that specializes in providing threat intelligence and indicators of compromise (IoCs) to help organizations enhance their security posture against various cyber threats. | URL | Malicious URL Phishing Other |
| UraSec Team | UraSec Team is a threat intelligence source that specializes in the analysis and dissemination of indicators of compromise (IoCs) related to various cyber threats, including malware, phishing, and other malicious activities. The team focuses on researching and documenting the tactics, techniques, and procedures (TTPs) employed by cybercriminals. | IP, Hostname, URL | Malicious URL Malware site ZeuS ET CNC Zeus Tracker Reported CnC Server TCP ET CNC Zeus Tracker Reported CnC Server UDP |
| Nextpart Security Intelligence | Nextpart Security Intelligence is a threat intelligence source that specializes in providing indicators of compromise (IoCs) and comprehensive insights into various cyber threats, with a focus on advanced persistent threats (APTs), malware, and emerging vulnerabilities. | IP, Hostname, URL | Phishing Malware Phishing site Generic.Malware Malicious site |
| null | Null is a threat intelligence source that focuses on providing indicators of compromise (IoCs) and insights related to various cyber threats, particularly in the realm of malware and network security. The platform specializes in analyzing and documenting malicious activities, helping cybersecurity professionals identify and respond to emerging threats effectively. | IP, Hostname | Kissing Malware Safe Site Top 1M Site Cobalt Strike Generic.Malware |
| ZL | ZL is a threat intelligence source that specializes in providing indicators of compromise (IoCs) and insights related to various cyber threats, particularly focusing on malware analysis and detection. The platform aggregates data from multiple sources to identify and document malicious activities, helping cybersecurity professionals understand the tactics, techniques, and procedures (TTPs) used by cyber adversaries. | IP, Hostname | bluebot BlueMalware Download Bruteforce login attacker Covid19 scam |
| CSIRT-CL | CSIRT-CL is the Computer Security Incident Response Team for Chile, serving as a key threat intelligence source that specializes in providing indicators of compromise (IoCs) and guidance related to cybersecurity incidents affecting organizations and individuals in the country. | IP, Hostname | Malware Generic.Malware Top 1M Site IMAP Attacker Mail Spammer |
| CrypticThreat | CrypticThreat is a threat intelligence source that specializes in the analysis and dissemination of indicators of compromise (IoCs) related to various cyber threats, with a particular focus on cryptographic malware and ransomware attacks. The platform provides detailed insights into the tactics, techniques, and procedures (TTPs) employed by cybercriminals, helping organizations understand and defend against sophisticated threats. | IP, Hostname, URL | Emotet Malware Download GrandCrab Trickbot ET CNC Feodo Tracker Reported CnC Server TCP |
| Telefonica SOC BR | Telefonica SOC BR is a threat intelligence source operated by the Security Operations Center (SOC) of Telefónica in Brazil, specializing in the detection, analysis, and response to cyber threats affecting its customers and the broader digital landscape. This platform focuses on providing indicators of compromise (IoCs) related to various cyber threats, including malware, phishing, and advanced persistent threats (APTs). | IP | ransomware revil Trojan.JS.Agent.JS IOCs Associated with Recent Emotet Campaign Covid19 scam Generic.Malware |
| IOC Nacional CL | IOC Nacional CL is a threat intelligence source based in Chile that specializes in providing indicators of compromise (IoCs) related to cyber threats affecting the national landscape. Operated by the Chilean government, this platform focuses on monitoring and analyzing cyber incidents, malware, and vulnerabilities that pose risks to organizations and individuals within the country. | IP, Hostname, URL | Phishing Other Malware Download Generic.Malware phishing Malicious site |
| malwaredomainlist.com | MalwareDomainList.com is a threat intelligence source that specializes in tracking and cataloging domains associated with malware distribution and other malicious activities. The platform provides a comprehensive list of domains known to host or facilitate malware, phishing, and other cyber threats, making it a valuable resource for cybersecurity professionals and researchers. | IP, Hostname, URL | Malicious site gateway to EK Malicious domain b'gateway to EK' Malware site |
| Politie.nl | Politie.nl is the official website of the Dutch National Police, which serves as a vital source of threat intelligence and indicators of compromise (IoCs) related to cybercrime and other criminal activities in the Netherlands. The platform specializes in providing information on various cyber threats, including phishing, malware, and online fraud, while also offering resources for individuals and organizations to enhance their cybersecurity awareness and practices. | Hostname | Phishing Phishing Other Safe Site Top 100K Site |
| RWTH | RWTH, or the Research Institute for Cyber Security at RWTH Aachen University, is a threat intelligence source that specializes in the study and analysis of cyber threats, vulnerabilities, and malware. The institute focuses on conducting advanced research in cybersecurity, providing valuable insights into the tactics, techniques, and procedures (TTPs) used by cyber adversaries. | IP, Hostname, URL | NTP Open Resolver Used in DDoS Generic.Malware ET CNC Feodo Tracker Reported CnC Server TCP |
| DragonJAR - Seguridad Informática | DragonJAR – Seguridad Informática is a threat intelligence source that focuses on cybersecurity research and the dissemination of indicators of compromise (IoCs) related to various cyber threats, particularly in the Latin American region. | IP, Hostname, URL | Malicious URL phishing Registraduria Malware Malware site Phishing Other |
| Dragon Research Group | Dragon Research Group is a threat intelligence source that specializes in the analysis and dissemination of indicators of compromise (IoCs) related to various cyber threats, particularly those involving advanced persistent threats (APTs) and sophisticated malware. | IP | SSH Attacker VNC Attacker Malicious Host Malicious host HTTP Attacker |
| .BEware | .BEware is a threat intelligence source that focuses on providing indicators of compromise (IoCs) related to threats targeting the Belgian domain space and beyond. It specializes in monitoring and analyzing malicious activities, including phishing campaigns, malware distribution, and other cyber threats that affect organizations and individuals in Belgium. | IP, Hostname, URL | darkside 2020 ecosystem sunburst solarwinds lockbit Generic.Malware Malicious site |
| tunPOT | tunPOT is a threat intelligence source that specializes in monitoring and analyzing honeypots to gather indicators of compromise (IoCs) related to various cyber threats and attacks. By deploying decoy systems that simulate vulnerable services, tunPOT captures and logs malicious activities, providing valuable insights into the tactics, techniques, and procedures (TTPs) used by attackers. | IP, Hostname, URL | Nymaim Gameover-zeus Tinba Tofsee |
| Zeustracker | Zeustracker is a threat intelligence source that specializes in tracking and providing indicators of compromise (IoCs) related to the Zeus malware family, particularly the Zeus banking Trojan. It operates by monitoring and cataloging the command and control (C2) servers associated with Zeus and its variants, offering valuable insights into the infrastructure used by cybercriminals. | IP, Hostname, URL | ZeuS Malicious domain ET CNC Zeus Tracker Reported CnC Server UDP ET CNC Zeus Tracker Reported CnC Server TCP Malicious host |
| Cibercolmena | Cibercolmena is a threat intelligence platform that specializes in the collection and analysis of cyber threat data, focusing on indicators of compromise (IoCs) related to various forms of cybercrime, including malware, phishing, and ransomware attacks. | Hostname, URL | Phishing BBVA Phishing ING Phishing Eurocaja Phishing Iberia Cards Phishing Santander |
| C-CIR-T | C-CIR-T (Cyber Crime Intelligence Report Team) is a threat intelligence platform that specializes in the collection, analysis, and dissemination of information related to cybercrime activities and threats. The platform focuses on providing indicators of compromise (IoCs), threat assessments, and detailed reports on various cyber threats, including malware, phishing, and advanced persistent threats (APTs). | IP, Hostname | Blacklisted IP Tracker Malicious host Proxy HTTP Spammer Malicious Host |
| APT Notes | APT Notes is a threat intelligence platform that specializes in tracking and documenting advanced persistent threats (APTs) and their associated tactics, techniques, and procedures (TTPs). The platform provides detailed reports and indicators of compromise (IoCs) related to various APT groups, enabling cybersecurity professionals to understand the evolving threat landscape and the specific methods employed by these sophisticated adversaries. | IP, Hostname | Malicious Host Generic.Malware Malicious site Malware site Top 1M Site |
| Dyndns.org | Dyndns.org, primarily known for its dynamic DNS services, also plays a role in threat intelligence by providing insights into domain name resolution and associated IP addresses. While its main function is to facilitate the mapping of dynamic IP addresses to domain names, it can be utilized by cybersecurity professionals to identify potentially malicious domains and track changes in their associated IPs. | IP, Hostname | Ponmocup Phishing Other Generic.Malware Malicious site Social Engineering |
| Feodotracker | FeodoTracker is a specialized threat intelligence platform that focuses on monitoring and analyzing the Feodo banking Trojan and its associated infrastructure. This platform provides cybersecurity professionals with indicators of compromise (IoCs) related to the Feodo malware, which is notorious for stealing sensitive financial information and facilitating online fraud. | IP | Feodo ET CNC Feodo Tracker Reported CnC Server TCP ET CNC Feodo Tracker Reported CnC Server UDP Emotet IP Blocklist Trojan.Emotet |
| VxVault | VxVault is a threat intelligence platform that specializes in the collection and analysis of malware samples, indicators of compromise (IoCs), and associated threat data. It serves as a repository for various types of malware, including ransomware, banking Trojans, and other malicious software, providing cybersecurity professionals with access to detailed information about malware behavior, distribution methods, and command-and-control infrastructure. | IP, Hostname, URL | Malware distribution site Malware Download Covid19 scam Malicious URL Unwanted Software |
| FeodoTracker Abuse.ch | FeodoTracker, part of the Abuse.ch initiative, is a specialized threat intelligence platform that focuses on tracking and analyzing the Feodo banking Trojan and its associated infrastructure. By providing indicators of compromise (IoCs) related to this specific malware, FeodoTracker helps cybersecurity professionals identify and mitigate threats linked to the Feodo Trojan, which is known for stealing sensitive financial information and facilitating fraud. | IP | ET CNC Feodo Tracker Reported CnC Server UDP ET CNC Feodo Tracker Reported CnC Server TCP QakBot Mail Spammer BumbleBee |
| Malware Domains | Malware Domains is a threat intelligence resource that specializes in identifying and cataloging domains associated with malicious activities, such as malware distribution, phishing, and command-and-control operations. By maintaining a comprehensive database of known malicious domains, Malware Domains provides cybersecurity professionals with actionable indicators of compromise (IoCs) that can be used to enhance threat detection and prevention efforts. | IP, Hostname | Inmortal malware domain Malicious domain Phishing Phishing Other Generic.Malware |
| ThreatCrowd | ThreatCrowd is a collaborative threat intelligence platform that specializes in aggregating and visualizing data related to cyber threats, including indicators of compromise (IoCs), malware samples, and threat actor information. | IP, Hostname | Malicious Domain Malicious Host Sinkhole Malicious host Alexa Top 1 Million |
| CronUp Threat Intel | CronUp Threat Intel is a threat intelligence platform that specializes in providing comprehensive insights and indicators of compromise (IoCs) related to various cyber threats, including malware, ransomware, and phishing attacks. By leveraging advanced analytics and threat research, CronUp focuses on delivering timely and actionable intelligence to help organizations identify and mitigate potential security risks. | IP, Hostname, URL | Emotet IP Blocklist ET CNC Feodo Tracker Reported CnC Server UDP ET CNC Feodo Tracker Reported CnC Server TCP Emotet List Generic.Malware |
| IP Blacklist Cloud | IP Blacklist Cloud is a threat intelligence service that specializes in providing real-time data on malicious IP addresses and domains, helping organizations protect their networks from cyber threats. By aggregating information from various sources, including user reports and threat intelligence feeds, IP Blacklist Cloud offers a comprehensive database of known malicious entities associated with activities such as spamming, phishing, and malware distribution. | IP | HTTP Spammer Malicious Host WordPress attacker HTTP Attacker Bruteforce login attacker |
| CruzIT | CruzIT is a threat intelligence platform that specializes in providing actionable insights and indicators of compromise (IoCs) related to various cyber threats, including malware, phishing, and ransomware. By leveraging advanced analytics and threat research, CruzIT aims to equip organizations with the necessary tools and information to detect, prevent, and respond to cyber incidents effectively. | IP | HTTP Attacker HTTP Spammer Malicious Host Bruteforce login attacker HTTP flood requests to the websites |
| Malwaremustdie.org | MalwareMustDie.org is a community-driven threat intelligence platform that specializes in the detection, analysis, and reporting of malware threats, particularly those affecting the Asia-Pacific region. Founded by a group of cybersecurity enthusiasts and experts, the platform focuses on sharing indicators of compromise (IoCs), malware samples, and detailed analysis of various malware families and their behaviors. | IP, Hostname, URL | Malware distribution site Phishing Other Generic.Malware Social Engineering Covid19 scam |
| Cyber Threat Alliance | The Cyber Threat Alliance (CTA) is a collaborative organization that brings together cybersecurity companies and experts to share threat intelligence and enhance collective defenses against cyber threats. Specializing in the exchange of indicators of compromise (IoCs), the CTA focuses on improving the understanding of emerging threats, malware, and attack techniques across its member organizations. | IP, Hostname, Sample | Generic Malware Virut Phishing SQL Injection HTTP Spammer |
| Microsoft | Microsoft is a leading technology company that provides a comprehensive threat intelligence platform, specializing in the collection and analysis of indicators of compromise (IoCs) related to various cyber threats, including malware, phishing, and advanced persistent threats (APTs). Through its Microsoft Threat Intelligence Center (MSTIC) and various security products, such as Microsoft Defender, the company leverages vast amounts of data from its global user base to identify emerging threats and vulnerabilities. | IP, Hostname | Botnet C&C NjRAT CyberGate Malicious Host Botnet domain |
| Ransomware Tracker | Ransomware Tracker is a specialized threat intelligence source that focuses on providing indicators of compromise (IoCs) related to ransomware attacks. It aggregates and analyzes data from various ransomware incidents, offering insights into the tactics, techniques, and procedures (TTPs) used by cybercriminals. By compiling information on ransomware families, their associated malware samples, and the infrastructure they utilize, Ransomware Tracker serves as a valuable resource for cybersecurity professionals. | IP, Hostname, URL | Ransomware Ransomware Locky distribution site Malicious domain Phishing Otherz Generic.Malware |
| Talos Intelligence | Talos Intelligence is a threat intelligence organization within Cisco that specializes in providing comprehensive cybersecurity insights and data to help organizations defend against a wide range of cyber threats. Talos focuses on analyzing malware, vulnerabilities, and emerging attack trends, offering actionable intelligence in the form of indicators of compromise (IoCs), threat reports, and security advisories. | IP | Malicious host Anonymizer TOR Exit Node HTTP Spammer |
| TorProject.org | TorProject.org is the official website of the Tor Project, which specializes in providing privacy-focused tools and technologies, including the Tor network, designed to enable anonymous communication and browsing on the internet. While its primary focus is on privacy and anonymity, the Tor Project also plays a role in cybersecurity by highlighting the potential misuse of its network for illicit activities, such as the hosting of illegal content and cybercrime. | IP | TOR Exit Node Anonymizer ET TOR Known Tor Exit Node TCP Traffic HTTP Spammer |
| GPF DNS Blocklist | The GPF DNS Blocklist is a threat intelligence resource that specializes in providing a comprehensive list of domains and IP addresses associated with malicious activities, including malware distribution, phishing, and other online threats. This blocklist is designed to enhance network security by allowing organizations to filter out harmful traffic at the DNS level, effectively preventing users from accessing known malicious sites. | IP | HTTP Spammer Mail Spammer HTTP Attacker Bruteforce login attacker Malicious Host |
| Bambernek | Bambernek is a threat intelligence platform that specializes in the collection and analysis of indicators of compromise (IoCs) related to various cyber threats, including malware, phishing, and other forms of online abuse. The platform focuses on providing actionable intelligence to cybersecurity professionals by aggregating data from multiple sources, including user submissions and automated detection systems. | IP, Hostname | Necurs Suppobox suppoboxnecurs Virut |
| Cybercrime-tracker.net | Cybercrime-tracker.net is a threat intelligence platform that specializes in monitoring and analyzing cybercrime activities, particularly focusing on the tracking of malicious IP addresses, domains, and other indicators of compromise (IoCs) associated with various online threats. The platform aggregates data from multiple sources, including user reports and automated detection systems, to provide insights into emerging cyber threats such as phishing, malware distribution, and fraud. | IP, Hostname, URL | Pony Lokibot ZeuS AZORult Citadel |
| Greynoise | GreyNoise is a threat intelligence platform that specializes in providing insights into internet-wide scan and attack activity by analyzing and categorizing noise generated by benign and malicious internet traffic. It focuses on identifying and filtering out irrelevant or non-threatening activity, allowing cybersecurity professionals to concentrate on genuine threats. | IP | Malicious Host Mail Spammer Mirai bot Telnet Attacker SSH Attacker |
| Botscout | Botscout is a threat intelligence platform that specializes in identifying and mitigating bot-related threats, particularly those associated with automated attacks on websites and online services. It provides a comprehensive database of known malicious bots, including their IP addresses and behaviors, which can be used by cybersecurity professionals to protect their systems from various forms of automated abuse, such as credential stuffing, scraping, and spamming. | IP | HTTP Spammer Mail Spammer Proxy Anonymizer Malicious Host |
| Mr.Looquer | Mr.Looquer is a threat intelligence platform that specializes in the detection and analysis of malicious URLs and phishing threats. It focuses on providing cybersecurity professionals and organizations with actionable intelligence related to web-based attacks, including indicators of compromise (IoCs) such as harmful links and associated domains. | IP, Hostname | Phishing Phishing Other Covid19 scam Proxy Social Engineering |
| Public-dns.info | Public-dns.info is a threat intelligence platform that specializes in providing information about public DNS servers and their associated performance, security, and reliability metrics. While its primary focus is on offering insights into DNS services, it also includes features that help users identify potentially malicious domains and IP addresses. | IP | DNS Server Mail Spammer Proxy Anonymizer Malicious Host |
| SANS Internet Storm Center | The SANS Internet Storm Center (ISC) is a threat intelligence platform that specializes in monitoring and analyzing internet traffic to identify and report on emerging cyber threats and vulnerabilities. Operated by the SANS Institute, the ISC collects data from a global network of sensors and contributors, providing real-time insights into malicious activities, attack trends, and indicators of compromise (IoCs). | IP, Hostname | Malicious domain Ransomware Ransomware Locky distribution site Phishing Other Generic.Malware |
| BadIPs | BadIPs is a threat intelligence platform that specializes in providing a comprehensive database of malicious IP addresses associated with various forms of cyber threats, including spamming, hacking attempts, and other abusive behaviors. The platform aggregates data from multiple sources, including user reports and automated threat detection systems, to maintain an updated list of indicators of compromise (IoCs) that can be used by cybersecurity professionals and organizations. | IP | HTTP Attacker Malicious Host HTTP Spammer Bruteforce login attacker Mail Spammer |
| Darklist | Darklist is a threat intelligence platform that specializes in providing a comprehensive collection of blocklists and indicators of compromise (IoCs) related to malicious IP addresses, domains, and URLs associated with various cyber threats, including spam, phishing, and malware distribution. The platform aggregates data from multiple sources, including community contributions and automated threat detection systems, to maintain an up-to-date repository of known threats. | IP | Malicious host SSH Attacker Malicious Host SIP Attacker ET COMPROMISED Known Compromised or Hostile Host Traffic UDP |
| Nothink.org | Nothink.org is a threat intelligence platform that specializes in the collection and analysis of indicators of compromise (IoCs) related to various cyber threats, including malware, phishing, and other forms of online abuse. The platform focuses on providing actionable intelligence to cybersecurity professionals by aggregating data from multiple sources, including user submissions and automated detection systems. | IP | Telnet Attacker Malicious Host SSH Attacker ET CINS Active Threat Intelligence Poor Reputation IP UDP ET CINS Active Threat Intelligence Poor Reputation IP TCP |
| GreenSnow | GreenSnow is a threat intelligence platform that specializes in the detection and analysis of malicious domains and URLs, particularly those associated with phishing and other cyber threats. It focuses on providing real-time data and insights into newly registered and potentially harmful domains, enabling cybersecurity professionals to identify and mitigate risks before they can be exploited. | IP | Malicious Host Mail Spammer Mail Spammer IMAP Attacker ET CINS Active Threat Intelligence Poor Reputation IP UDP ET CINS Active Threat Intelligence Poor Reputation IP TCP |
| VM-Ray | VM-Ray is a threat intelligence platform that specializes in advanced malware analysis and detection through its dynamic analysis technology. It provides a comprehensive environment for security professionals to analyze suspicious files and URLs in a virtualized setting, allowing for the observation of malware behavior without risking the integrity of the host system. VM-Ray’s platform generates detailed reports that include indicators of compromise (IoCs) such as file hashes, network activity, and system changes associated with the analyzed samples. | Sample | Spyware Injector Backdoor Downloader Keylogger |
| Myip.ms | Myip.ms is a threat intelligence platform that specializes in providing detailed information about IP addresses, including their reputation, geolocation, and associated domains. It offers a range of tools and resources for cybersecurity professionals to analyze and assess the risk associated with specific IPs, helping to identify potential threats such as spamming, hacking attempts, and other malicious activities. | IP | HTTP Spammer Anonymizer Proxy Mail Spammer IMAP Attacker |
| MalwareBazaar Abuse.ch | MalwareBazaar, a project by Abuse.ch, is a threat intelligence platform that specializes in the collection and distribution of malware samples and associated indicators of compromise (IoCs). It serves as a repository where security researchers and professionals can access a wide range of malware samples, including their hashes, file types, and behavioral characteristics. By providing detailed information about various malware strains, MalwareBazaar enables users to analyze and understand the threats they face, facilitating improved detection and response strategies. | Sample | Generic.Malware Generic Malware Mirai Heodo Agent Tesla |
| DomainTools | DomainTools is a threat intelligence platform that specializes in providing comprehensive data and insights related to domain names, IP addresses, and their associated ownership and registration information. It offers a suite of tools designed for cybersecurity professionals, enabling them to investigate and analyze domain-related threats, such as phishing, malware distribution, and other malicious activities. | IP, Hostname | Covid19 scam Generic.Malware Malicious domain Phishing Other Social Engineering |
| Sblam | Sblam is a threat intelligence platform that specializes in providing a comprehensive database of indicators of compromise (IoCs) related to spam, phishing, and other forms of online abuse. It focuses on aggregating data from various sources, including user reports and automated detection systems, to identify and catalog malicious IP addresses, domains, and URLs associated with cyber threats. | IP | HTTP Spammer Proxy Anonymizer Mail Spammer Malicious Host |
| Antiphishing.com.ar | Antiphishing.com.ar is a threat intelligence platform that specializes in the detection and reporting of phishing attacks, particularly within the Latin American region. It provides a comprehensive database of indicators of compromise (IoCs), including malicious URLs, domains, and email addresses associated with phishing schemes. | IP, Hostname, URL | Phishing Social Engineering Apple ID phishing paypal phishing Facebook phishing |
| AbuseIPDB | AbuseIPDB is a collaborative threat intelligence platform that specializes in providing a database of reported malicious IP addresses associated with various forms of cyber threats, including hacking attempts, spamming, and other abusive behaviors. Users can submit reports of suspicious IP addresses, which are then aggregated and made available to the community, allowing cybersecurity professionals and organizations to access real-time data on potentially harmful IPs. | IP | Suspicious Host Malicious Host Mail Spammer SSH Attacker HTTP Attacker |
| ThreatFox Abuse.ch | ThreatFox, a project by Abuse.ch, is a threat intelligence platform that specializes in the collection and sharing of indicators of compromise (IoCs) related to malware and cyber threats. It focuses on providing a comprehensive database of malicious URLs, IP addresses, and file hashes associated with various forms of online attacks, including malware distribution and phishing. | IP, Hostname, Sample, URL | Emotet QakBot Malware Download Cobalt Strike Mail Spammer |
| OpenPhish | OpenPhish is a threat intelligence platform that specializes in the detection and reporting of phishing websites and related cyber threats. It provides a comprehensive database of indicators of compromise (IoCs), including malicious URLs and domains associated with phishing attacks, which are regularly updated to reflect the latest threats. | IP, Hostname, URL | Phishing Phishing Other Social Engineering Generic.Malware |
| Emerging Threats | Emerging Threats is a threat intelligence platform that specializes in providing a comprehensive collection of threat data, including indicators of compromise (IoCs) such as malicious IP addresses, domains, and URLs associated with various cyber threats. The platform focuses on identifying and analyzing emerging threats, including malware, botnets, and phishing attacks, to help organizations stay ahead of evolving cyber risks. | IP | Malicious Host ET CINS Active Threat Intelligence Poor Reputation IP UDP ET CINS Active Threat Intelligence Poor Reputation IP TCP Mail Spammer |
| FireHol | FireHOL is a threat intelligence platform that specializes in providing curated IP blocklists and firewall rules to enhance network security. It aggregates and maintains a wide range of threat intelligence data, including indicators of compromise (IoCs) such as malicious IP addresses associated with various cyber threats, including botnets, malware, and phishing attacks. | IP | Anonymizer Proxy HTTP Spammer Mail Spammer IMAP Attacker |
| Cleantalk.org | CleanTalk.org is a threat intelligence platform that specializes in combating spam and malicious activities across websites and online services. It provides a comprehensive database of indicators of compromise (IoCs), including IP addresses, email addresses, and usernames associated with spamming, botnets, and other forms of online abuse. | IP | HTTP Spammer Mail Spammer Proxy Anonymizer Malicious Host |
| HoneyDB | HoneyDB is a threat intelligence platform that specializes in collecting and sharing data from honeypots, which are decoy systems designed to attract and analyze malicious activity. By monitoring interactions with these honeypots, HoneyDB gathers indicators of compromise (IoCs) such as malicious IP addresses, URLs, and attack patterns associated with various cyber threats. | IP | Malicious Host Mail Spammer SSH Attacker ET CINS Active Threat Intelligence Poor Reputation IP UDP ET CINS Active Threat Intelligence Poor Reputation IP TCP |
| Barracuda | Barracuda is a cybersecurity company that offers a range of threat intelligence solutions, specializing in email security, web application security, and data protection. Their threat intelligence platform aggregates and analyzes data from various sources to provide insights into indicators of compromise (IoCs) related to email-based threats, such as phishing, malware, and spam. | IP | Mail Spammer Malicious Host HTTP Spammer Proxy NTP Open Resolver |
| Phishtank | Phishtank is a collaborative threat intelligence platform that specializes in the identification and verification of phishing websites. It allows users to submit suspected phishing URLs, which are then reviewed and validated by the community, creating a comprehensive database of confirmed phishing sites. Phishtank provides indicators of compromise (IoCs) that can be utilized by cybersecurity professionals and organizations to enhance their defenses against phishing attacks. | IP, Hostname, URL | Phishing Other Social Engineering Phishing NICOS Phishing Phishing Facebook |
| Alienvault Ip Reputation Database | The AlienVault IP Reputation Database is a threat intelligence resource that specializes in providing insights into the reputation of IP addresses based on their association with malicious activities, such as spamming, malware distribution, and other cyber threats. This database aggregates data from various sources, including community contributions and automated threat detection systems, to assess and categorize IP addresses according to their risk levels. | IP | Malicious Host ET CINS Active Threat Intelligence Poor Reputation IP UDP ET CINS Active Threat Intelligence Poor Reputation IP TCP SSH Attacker Mail Spammer |
| URLhaus Abuse.ch | URLhaus, a project by Abuse.ch, is a threat intelligence platform specifically focused on the collection and sharing of malicious URLs associated with malware distribution and phishing attacks. It serves as a repository for security researchers and professionals to report and access information about harmful URLs, providing indicators of compromise (IoCs) that can be used to block or mitigate threats. | IP, Hostname, URL | Malware Download Mail Spammer QakBot Malicious Host Suspicious Host |
| Hybrid-Analysis | Hybrid-Analysis is a threat intelligence platform that specializes in the dynamic analysis of malware and suspicious files, providing detailed insights into their behavior and potential threats. It offers a comprehensive environment for security researchers and analysts to upload and analyze files, generating reports that include indicators of compromise (IoCs) such as malicious IP addresses, domains, and file hashes. | IP, Hostname, Sample, URL | Generic Malware Malicious site Phishing site Malware site |
| Abuse.ch | Abuse.ch is a threat intelligence platform that specializes in tracking and providing information on various forms of cyber threats, particularly focusing on malware, botnets, and phishing activities. The platform operates several projects, including the Malware Information Sharing Platform (MISP) and the URLhaus project, which collect and share indicators of compromise (IoCs) such as malicious IP addresses, domains, and URLs. | IP, Hostname, Sample, URL | Malware Download Mail Spammer Generic.Malware Emotet |
| Rapid7 Open Data | Rapid7 Open Data is a threat intelligence initiative that provides access to a wealth of cybersecurity data, including indicators of compromise (IoCs), vulnerability information, and threat intelligence reports. Specializing in the aggregation and analysis of data from various sources, Rapid7 Open Data aims to empower security professionals and organizations with actionable insights to enhance their cybersecurity posture. | IP | NTP Open Resolver Mail Spammer Memcached Malicious Host Proxy |
| Blocklist.net.ua | Blocklist.net.ua is a threat intelligence source that specializes in providing a collection of blocklists aimed at identifying and mitigating various cyber threats, particularly focusing on malicious IP addresses and domains associated with spam, malware, and other forms of online abuse. The platform aggregates data from multiple sources, including user reports and automated threat detection, to maintain an updated repository of indicators of compromise (IoCs). | IP | Unauthorized scanning of hosts Mail Spammer Malicious Host SSH Attacker HTTP Spammer |
| CIArmy | CIArmy is a threat intelligence platform that specializes in providing a comprehensive collection of indicators of compromise (IoCs) related to cyber threats, particularly focusing on malicious IP addresses, domains, and URLs associated with various forms of online attacks, such as malware distribution, phishing, and botnet activities. The platform aggregates data from multiple sources, including community contributions and automated threat detection systems, to maintain an up-to-date repository of threat intelligence. | IP | Malicious Host ET CINS Active Threat Intelligence Poor Reputation IP UDP ET CINS Active Threat Intelligence Poor Reputation IP TCP Mail Spammer SSH Attacker |
| Maltiverse Research Team | The Maltiverse Research Team is a threat intelligence source that specializes in the analysis and sharing of indicators of compromise (IoCs) related to cyber threats, particularly focusing on malware, phishing, and other malicious activities. Maltiverse provides a collaborative platform where security researchers and professionals can contribute to and access a rich database of threat intelligence, including malicious IP addresses, domains, and URLs. | IP, Hostname, URL | Anonymizer Proxy HTTP Spammer dyre Mail Spammer |
| Abuseat.org | Abuseat.org is a threat intelligence platform that specializes in providing a comprehensive database of malicious IP addresses and domains associated with various forms of online abuse, including spam, phishing, and malware distribution. The platform aggregates data from multiple sources, including user reports and automated systems, to maintain an up-to-date list of indicators of compromise (IoCs) that can be used by cybersecurity professionals and organizations to enhance their security measures. | IP | Mail Spammer Malicious Host HTTP Spammer Proxy SSH Attacker |
| Cyber Threat Coalition | The Cyber Threat Coalition (CTC) is a collaborative threat intelligence initiative that focuses on sharing actionable intelligence to combat cyber threats and enhance collective cybersecurity efforts. It brings together cybersecurity professionals, organizations, and researchers to share indicators of compromise (IoCs), threat data, and best practices in real-time. The CTC specializes in fostering a community-driven approach to threat intelligence, enabling participants to access and contribute to a rich repository of information on emerging threats, vulnerabilities, and attack techniques. | IP, Hostname, URL | Malicious URL Covid19 scam Malicious Hostname Social Engineering Phishing Other |
| StopForumSpam.com | StopForumSpam.com is a threat intelligence resource that specializes in identifying and mitigating spam-related activities across online forums and communities. It maintains a comprehensive database of known spammers, including their IP addresses, email addresses, and usernames, which are contributed by users and organizations to help combat spam and abusive behavior. | IP | HTTP Spammer Mail Spammer Proxy Anonymizer Malicious Host |
| FireHOL | FireHOL is a threat intelligence platform that specializes in providing curated IP blocklists and firewall rules to enhance network security. It aggregates and maintains a wide range of threat intelligence data, including indicators of compromise (IoCs) such as malicious IP addresses associated with various cyber threats, including botnets, malware, and phishing attacks. | IP | Proxy Anonymizer Mail Spammer HTTP Spammer IMAP Attacker |
| Blocklist.de | Blocklist.de is a threat intelligence source that specializes in providing a comprehensive collection of blocklists aimed at identifying and mitigating various online threats, including malware, phishing, and botnet activities. It aggregates indicators of compromise (IoCs) such as IP addresses, domain names, and URLs associated with malicious behavior, enabling organizations to enhance their cybersecurity posture by blocking access to these threats. | IP | Mail Spammer SSH Attacker IMAP Attacker Malicious Host HTTP Attacker |
| Cisco Umbrella | Cisco Umbrella is a cloud-based security platform that specializes in threat intelligence and protection against cyber threats, particularly through the use of indicators of compromise (IoCs). As part of Cisco’s broader security portfolio, Umbrella provides organizations with comprehensive visibility and control over their internet traffic, leveraging advanced machine learning and threat intelligence to identify and block malicious domains, IPs, and URLs in real-time. | Hostname | Top 1M Site Alexa Top 1 Million Top 100K Site Safe Site Generic.Malware |