A list of Cyber Security threat intelligence sources that provide APIs to receive up-to-date data on emerging threats to defend against attacks.
Cyber threat intelligence is information about threats and threat actors that helps mitigate harmful events in cyberspace.[1] Cyber threat intelligence sources include open source intelligence, social media intelligence, human intelligence, technical intelligence or intelligence from the deep and dark web.
https://en.wikipedia.org/wiki/Cyber_threat_intelligence
Intelligence Source | Description |
---|---|
AbuseIPDB | AbuseIPDB is a project dedicated to helping combat the spread of hackers, spammers, and abusive activity on the internet. |
APT Groups and Operations | A spreadsheet containing intelligence on APT groups including their techniques, tactics and various names. |
Binary Defense IP Banlist | Binary Defense Systems Artillery Threat Intelligence Feed and Banlist Feed |
BOTVRIJ.EU | Open Source threat intelligence provider which contains network info (IPs), file hashes, file paths, domain names, URLs. |
CISA AIS | The Cybersecurity and Infrastructure Security Agency’s (CISA’s) free Automated Indicator Sharing (AIS) capability enables the exchange of cyber threat indicators, at machine speed, among the Federal Government; state, local, tribal, and territorial governments; and the private sector. |
CyberCure.ai | CyberCure provides free-to-use, qualified cyber intelligence feeds that help stop attackers before they attack. |
DigitalSide Threat-Intel | Contains a set of Open Source Cyber Threat Intelligence information, mostly based on malware analysis and compromised URLs, IPs and domains. The purpose of this project is to develop and test new ways to hunt, analyze, collect and share relevant sets of IoCs to be used by SOC/CSIRT/CERT with minimum effort. |
Proofpoint Emerging Threats Rules | Regularly updated firewall rules for multiple firewall types, including IPF, IPTables, PF and PIX. |
ExoneraTor | Enter an IP address and date to find out whether that address was used as a Tor relay. |
Feodo Tracker | Feodo Tracker is a project of abuse.ch with the goal of sharing botnet C&C servers associated with the Feodo malware family (Dridex, Emotet/Heodo). |
FireHOL | A blacklist intended to be safe enough to use on all systems, with a firewall, to block access entirely to and from its listed IPs. |
FS-ISAC | FS-ISAC members have access to threat reports with tactical, operational and strategic levels of analysis for a greater understanding of the tools, methods and actors targeting the financial sector. |
HoneyDB | HoneyDB provides real-time data from honeypots deployed across the internet. This data can be queried through the site or through their threat API to receive real-time honeypot activity. |
Project IceWater | This project provides open-source YARA rules for the detection of malware and malicious files. |
InQuest Labs | An open, interactive, and API-driven data portal for security researchers. |
IPsum | IPsum is a threat intelligence feed based on 30+ different publicly available lists of suspicious and/or malicious IP addresses. |
Malshare | A free malware repository providing researchers access to samples, malicious feeds, and YARA results. |
PhishTank | PhishTank delivers a list of suspected phishing URLs. Their data comes from human reports, but they also ingest external feeds where possible. |
SophosLabs Intelix | Powered by machine learning, decades of threat research, and petabytes of intelligence, SophosLabs Intelix™ gives your app superpowers to identify, classify, and prevent threats. Designed for easy integration into any application, augmenting your cybersecurity is only an HTTP request away. |
SSL Blacklist | The SSL Blacklist (SSLBL) is a project of abuse.ch with the goal of detecting malicious SSL connections, by identifying and blacklisting SSL certificates used by botnet C&C servers. |
ThreatMiner | ThreatMiner is a threat intelligence portal designed to enable analysts to research under a single interface. It is used in the SANS FOR578 Cyber Threat Intelligence course. API integration is available for many industry-leading platforms. |
VirusTotal | Search VirusTotal’s dataset for malware samples, URLs, domains and IP addresses according to binary properties, antivirus detection verdicts, static features, behavior patterns such as communication with specific hosts or IP addresses, submission metadata and many other notions. |