Malware Patrol
Threat Intelligence
Turn intelligence into action – Detect, analyze, and respond faster
Overview
Gain a comprehensive view of the external cyber landscape with Malware Patrol’s Cyber Threat Intelligence (CTI) solutions. Our intelligence is derived from a diverse and extensive collection of sources that provide real-time visibility into active and emerging cyber risks. We cover a broad spectrum of malicious activities, including malware, ransomware, phishing, cryptominers, newly registered domains, and command-and-control servers to equip your organization with the insights needed to proactively detect and mitigate potential attacks.
Our continuous monitoring of the global threat landscape enables us to deliver timely, actionable CTI that empowers your organization’s defenses. By choosing Malware Patrol, you are not just getting data – you are gaining a powerful ally in your cybersecurity efforts.
Benefits
Highly Actionable
Our threat intelligence solutions boast an exceptionally low false positive rate. We ensure the accuracy of our data through rigorous daily validation, including DNS resolution and URL visits, to make sure only active indicators are in the feeds.
Context
Our data is enriched with critical context, including MITRE ATT&CK mappings, to help organizations understand the actors and intent behind cyber activity, prioritize risks, and strengthen their defense strategies in a more targeted manner.
Seamless Integration
Effortlessly integrate Malware Patrol’s CTI with your existing security stack, including SIEMs, TIPs, and NGFWs. Automated data ingestion ensures that your team has Malware Patrol’s actionable intelligence exactly where and when it’s needed.
Historical Correlations
We correlate threats with our two decades’ worth of historical data. This provides unparalleled insight into long-term cyber trends, enabling the identification of patterns, attribution of malicious activity, and enhanced forecasting of emerging risks.
Data Options
Explore our threat intelligence data packages, designed for a range of security needs—from blocking malicious activity via firewalls to threat hunting and enrichment. Choose from our curated packages, purchase à la carte feeds, or access expanded datasets for research and analysis through our Enterprise offering.
Download our product sheet for data feed details.

| | GateKeeper | Radar | Guardian |
|---|---|---|---|
| Description | Real-time blocking of active malicious domains using a DNS RPZ firewall. | Domain-level insights into both active and emerging threats. | Active and emerging threats along with ongoing attacks contextualized with metadata. |
| Data Feeds | Malicious Domains | Emergent Threats Domains, Malicious Domains | Emergent Threats Domains, Intrusion Insights, Malicious Domains, Malware Hashes |
| IOC Type | Domain | Domain | Domain, Hash, IP, Metadata |
| Format | BIND 9 XFR | CSV, BIND RPZ (XFR or downloadable) | CSV, JSON |
| Time Range | 60 days | 180 days | All active |
| Threats Covered | C2s, Cryptominers, DGAs, Malware, Phishing, Ransomware | C2s, Cryptominers, DGAs, Emerging Threats, Malware, Phishing, Ransomware | Automated Attacks, Botnets, C2s, Cryptominers, DGAs, Emerging Threats, Malware, Phishing, Ransomware |

| | Sentinel | ThreatLens | Enterprise |
|---|---|---|---|
| Description | High-fidelity data to enhance threat detection, enforcement, and network protection using NGFW. | Counter sophisticated cyber threats utilizing all indicator types and valuable context. | À la carte, full access, or customized to your specifications. Also includes data feeds not available in standard packages. |
| Data Feeds | Emergent Threats Domains, Intrusion Insights, Malicious Domains, Malicious Hashes, Malicious IPs, Malicious URLs, Tor Exit Nodes | DoH Servers, Emergent Threats Domains, Intrusion Insights, Malicious Domains, Malicious Hashes, Malicious IPs, Malicious URLs | ThreatLens feeds + DGAs, Malware Samples, Newly Registered Domains, Phishing Screenshots & Raw HTML, Unsanitized URLs |
| IOC Type | Domain, Hash, IP, URL, Metadata | Domain, Hash, IP, URL, Metadata | Domain, Hash, HTML, IP, Samples, Screenshots, URL, Metadata |
| Format | Cisco, FortiGate, MikroTik, Palo Alto NGFW | CSV, JSON, FortiSIEM, MISP | CSV, JSON and custom formats |
| Time Range | 180 days | All active | All active |
| Threats Covered | Automated Attacks, Botnets, C2s, Cryptominers, DGAs, Emerging Threats, Malware, Phishing, Ransomware | Automated Attacks, Botnets, C2s, Cryptominers, DGAs, Emerging Threats, Malware, Phishing, Ransomware | Automated Attacks, Botnets, C2s, Cryptominers, DGAs, Emerging Threats, Malware, Phishing, Ransomware |
All feeds are available for individual purchase – visit our Enterprise page for more information.
Take advantage of our free data evaluation.
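As an added illustration of how a domain feed (the CSV option above) can be turned into the RPZ records a DNS firewall such as the GateKeeper package consumes, the following Python is example code, not Malware Patrol's own; the CSV column layout and the sample rows are constructed assumptions, and the time window mirrors the 60-day package range.

```python
import csv
import io
import re
from datetime import date

# Constructed sample feed (not an actual Malware Patrol feed); the column
# layout indicator,threat_type,last_seen is an assumption for this example.
SAMPLE_FEED = """\
indicator,threat_type,last_seen
malicious-example.test,C2,2024-06-01
phish-login.example,Phishing,2024-05-28
Bad.Domain.Example.,Ransomware,2024-03-01
not a domain!,Malware,2024-06-02
miner.example,Cryptominer,2024-06-02
"""

# Hostname check: dot-separated labels of letters, digits and inner hyphens.
DOMAIN_RE = re.compile(
    r"^(?!-)[a-z0-9-]{1,63}(?<!-)(\.(?!-)[a-z0-9-]{1,63}(?<!-))+$"
)


def normalize_domain(raw):
    """Lowercase, drop a trailing dot, return None if not a valid hostname."""
    d = raw.strip().lower().rstrip(".")
    return d if DOMAIN_RE.match(d) else None


def feed_to_rpz(csv_text, today_iso, max_age_days):
    """Return (rpz_records, rejected) for well-formed, recently seen domains.

    Malformed indicators and entries older than max_age_days are reported in
    `rejected` instead of silently dropped, so the pipeline stays auditable.
    """
    today = date.fromisoformat(today_iso)
    kept, rejected = set(), []
    for row in csv.DictReader(io.StringIO(csv_text)):
        domain = normalize_domain(row["indicator"])
        if domain is None:
            rejected.append((row["indicator"], "malformed"))
            continue
        if (today - date.fromisoformat(row["last_seen"])).days > max_age_days:
            rejected.append((domain, "stale"))
            continue
        kept.add((domain, row["threat_type"]))
    # RPZ semantics: "CNAME ." answers NXDOMAIN; the wildcard covers subdomains.
    # These records go under the zone's own $TTL/SOA/NS header, omitted here.
    rpz = []
    for domain, threat in sorted(kept):
        rpz.append(f"{domain} IN CNAME . ; {threat}")
        rpz.append(f"*.{domain} IN CNAME . ; {threat}")
    return rpz, rejected
```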
Features
Our flexible solutions provide continuous updates, expert support, and seamless access to high-quality threat data—ensuring you stay ahead of cyber risks.
- Free Data Evaluation: Test our intelligence with a complimentary evaluation.
- Hourly Feed Updates: Stay ahead of emerging risks with real-time updates.
- Unlimited Downloads: Access your data without limitations.
- Dedicated Account Manager: Get personalized support with a direct point of contact.
- US-Based Tech Support: Receive fast assistance for integrations & troubleshooting.
- Annual & Multi-Year Subscriptions: Choose a flexible plan for long-term security.
Use Cases

Detect & Respond
Detection and response solutions focus on identifying and mitigating threats that have bypassed initial defenses. Comprehensive and actionable threat intelligence enables security teams to detect and investigate incidents faster, confidently automate responses to mitigate risks, and ensure swift recovery from potential breaches.
- IDS: Detect and alert on suspicious activity in networks or systems to support incident response. (Snort, Suricata)
- EDR: Monitor and analyze system activity to detect threats and provide response capabilities.
- XDR: Integrate data across multiple security layers (endpoint, network, cloud) for holistic threat detection and response.
Block & Prevent Attacks
Using real-time intelligence on malicious domains, IPs, URLs, and file hashes, security solutions can automatically block known threats before they can cause harm. This intelligence-driven approach strengthens defenses by reducing attack surface exposure and stopping threats at scale before they reach critical systems.
- Firewall: Prevent infections by using dynamic blocklists of known malicious IPs, domains, and URLs to deny access to malicious sites. (Palo Alto NGFW, FortiGate NGFW, MikroTik, Cisco FirePOWER)
- IPS: Monitor network traffic in real time and actively block known threats and vulnerabilities. (Suricata)
- Email security gateway: Identify and mitigate phishing, malware, and other email-based attacks before they reach users’ inboxes. (SpamAssassin)
- AV / Anti-malware solution: Detect and remove malware, including viruses, trojans, and ransomware, through file and email scanning using signature-based detection. (ClamAV)


Threat Hunting
Threat hunting is a proactive approach to cybersecurity that involves searching for threats that may have evaded automated defenses like firewalls, antivirus software, or intrusion detection systems. Threat intelligence plays a crucial role in this process by providing security teams with contextual information about known and ongoing attack methods, tools, and tactics used by adversaries. This information allows security professionals to focus their efforts on specific attack vectors, anticipate potential moves, and search for evidence of their activities. By integrating external threat feeds with internal security data, organizations can gain a clearer picture of the threat landscape and uncover risks that might otherwise go undetected.
IOC Enrichment & Correlation
Threat intelligence provides critical context – threat classifications, MITRE ATT&CK mappings, timestamps, and historical activity, among others – to raw indicators. Enriching, aggregating, and correlating data from multiple vendors, internal telemetry, OSINT, and intelligence-sharing networks, helps security teams identify patterns, relationships, and attack campaigns more effectively.
- TIP: Aggregate and analyze threat data to enrich IOCs with contextual information. (MISP, Anomali, ThreatQ)
- SOAR: Automate IOC enrichment and correlation workflows across multiple tools.
