Enterprise
The Intelligence You Need, The Way You Need It
Enterprise = Options
Malware Patrol’s Enterprise threat intelligence feeds solution provides complete control and flexibility. Whether you need a single feed, a custom-built solution, or research and product development intelligence that extends beyond our standard packages, Enterprise adapts to your security needs.
- Security teams use Enterprise to access targeted threat intelligence feeds, enriched threat data, and advanced research resources—ideal for proactive defense, threat hunting, and tailored detections.
- Cybersecurity companies rely on Enterprise for straightforward commercial licensing and high-confidence threat data to enhance product capabilities and improve customer protection.
- Technology providers leverage Enterprise to selectively ingest threat intelligence feeds in formats and combinations that align with their architecture and data pipelines.
With simple licensing and pricing, Enterprise allows organizations to purchase only the threat intelligence feeds they need—from individual data feeds to comprehensive research toolkits—ensuring they build a security strategy that aligns with their specific requirements.
Our free evaluation provides access to current, active data so you can compare it directly with your existing sources. It’s a no-risk way to assess the accuracy, coverage, and relevance of our intelligence for your security needs.
Features
Enterprise offers multiple ways to access and apply threat intelligence based on your specific goals. From individual feeds to fully customized data solutions and exclusive research resources, these options are designed to support organizations of all sizes—whether you’re running a lean security team or managing large-scale threat operations.
A La Carte – Purchase Only What You Need
- Select one or multiple feeds based on your security requirements. Includes Malicious Domains, URLs, IPs, and more.
- Ideal for organizations and cybersecurity vendors that require targeted intelligence.
- Simple and flexible pricing.
Custom Intelligence – Tailored to Your Security Strategy
- Threat intelligence feeds customized to match your specific format, filtering, or delivery preferences.
- Designed for MSSPs, security vendors, and enterprises with unique security workflows.
- Get exactly the intelligence your product or team needs.
Expanded Intelligence Feeds – For Research and More
- DGAs – Identify C2 domains before they resolve.
- Malware Binaries – Malware samples for reverse engineering.
- Newly Registered Domains – Early detection of phishing/fraud.
- Phishing Screenshots & HTML – Phishing artifacts for AI/ML training.
- Unsanitized URLs – Includes malware filenames and extensions.
Big Data – The All-Inclusive Threat Intelligence Package
- Get all our data feeds, including expanded intelligence and newly developed ones (around 2 per year).
- Built for large-scale security operations, AI/ML training, cybersecurity product development, and threat intelligence research.
- Unlimited access at a package price.
Data Feeds
We offer a wide range of threat intelligence feeds that can be purchased individually or in packages. Whether you’re looking to enrich a specific toolset, enhance detection capabilities, or gain full-spectrum visibility across threat types, our feeds cover everything from phishing and malware to C2 infrastructure and ransomware. Download our product sheet for more data feed details.
Big Data CTI Package
Big Data gives you complete access to our full suite of threat intelligence feeds, listed below, along with any new feeds developed during your subscription term. On average, we release two new feeds per year, expanding your visibility into evolving threats. This package includes unlimited data access across all available formats—NGFW, SIEM, TIP, JSON, CSV and more—making it ideal for large-scale security operations, AI/ML development, and threat research. It’s a future-ready solution built for teams who need comprehensive, always-expanding intelligence.
C2 Addresses + MITRE ATT&CK
Lists active command and control servers and maps them to known MITRE ATT&CK techniques. Enables precise threat actor tracking and TTP-based detection.
Cryptojacking
Identifies domains and scripts associated with unauthorized cryptocurrency mining. Helps prevent resource hijacking and stealthy system degradation.
DNS-over-HTTPS (DoH) Resolvers
Catalog of active DoH resolvers often used to bypass DNS filtering. Supports visibility and policy enforcement in encrypted DNS environments.
DNS RPZ Firewall
Ready-to-deploy RPZ zone files for DNS firewalls containing domains involved in cryptojacking, C2 communication, malware & ransomware distribution, and phishing. Simplifies DNS-layer protection for infrastructure and users.
DGA Domains
Predicts algorithmically generated domains used by malware to communicate with C2 servers. Enables preemptive blocking before domains are activated.
Emergent Threats Domains
Highlights newly active domains with suspicious behavior linked to emerging attacks. Supports proactive detection of novel threats and infrastructure.
Intrusion Insights
Captures IPs that have launched attacks against our global honeypot network. Offers real-world insight into active threats and attacker behavior.
Malicious Domains
Domains involved in cryptojacking, phishing, malware and ransomware distribution, C2 communication, and other malicious activity. Key for DNS-layer protection and early threat interception.
Malicious IPs
IP addresses hosting malicious infrastructure, including cryptojacking, C2 communication, malware & ransomware distribution, and phishing. Vital for network-based blocking and traffic filtering.
Malware Hashes
Provides file hashes (MD5, SHA1, SHA256) of known malware. Useful for IOC matching, threat hunting, and AV signature validation.
Malware Samples
Provides binaries of real-world malware collected from diverse sources, updated daily. Essential for detection engineering, reverse engineering, and AI/ML model training.
Malware URLs
Detects URLs delivering malware or ransomware payloads. Critical for blocking drive-by downloads and early-stage infections.
Newly Registered Domains
Tracks domains registered in the last 24–48 hours. Identifies early indicators of potential phishing, fraud, or malware campaigns.
OSINT (Free)
A free set of OSINT-based feeds including high-risk IPs, threat-related IOCs (hashes, emails, crypto addresses, CVEs), and active Tor exit nodes. Useful for baseline enrichment, blocklists, and contextual analysis.
Phishing
URLs and domains used in phishing campaigns, including credential harvesting and brand impersonation. Helps prevent account compromise and data loss.
Expanded Intelligence Use Cases
Our expanded threat intelligence feeds go beyond standard indicators to support deeper security use cases. These include malware samples, phishing artifacts, unsanitized URLs, and predictive DGAs—valuable resources for research, threat hunting, detection engineering, and AI/ML model training. Whether you’re building detection capabilities or analyzing attacker behavior, these feeds provide the context and detail needed to go further.
Predictive DGAs – Gaining an Edge on Emerging Threats
- Traditional DGA-based threat intelligence often only includes resolving domains. With our full DGA feed, security teams can analyze domains before they resolve, helping identify attacker infrastructure before it is operational.
- Threat researchers can track adversary tactics by examining domain generation patterns across multiple days.
- Organizations can develop predictive blocking strategies to proactively mitigate future threats.
Phishing Screenshots & Raw HTML – Training AI/ML Models
- Machine learning and AI-based phishing detection tools rely on high-quality training data. Our phishing dataset provides real-world HTML and screenshots to enhance model accuracy.
- Security teams can build automated detection systems that recognize phishing attempts with greater precision.
- Researchers can analyze phishing trends and template reuse, helping identify and mitigate phishing campaigns at scale.
Malware Samples – Powering Threat Research & Detection
- Our continuously updated repository of millions of malware samples enables SOC teams and researchers to analyze new and emerging malware variants.
- Reverse engineers can extract indicators of compromise (IOCs) and identify attacker techniques.
- Security vendors can improve antivirus and endpoint detection by integrating real-world malware samples into their detection engines.
Unsanitized URLs – A Deep Dive into Malware Distribution
- Unlike sanitized URLs, our dataset includes full path, file names, and extensions, allowing security teams to study the distribution methods of malware.
- Researchers can analyze trends in malware filenames and extensions to determine evolving tactics used by attackers.
- SOC teams can track malware-hosting infrastructure and implement proactive blocking measures based on URL patterns.
Newly Registered Domains – Early Detection of Malicious Domains
- Attackers frequently register domains for phishing, fraud, and malware campaigns. Newly registered domains provide a window into potential future threats.
- Security teams can monitor trends in domain registrations to identify suspicious activity before an attack campaign launches.
- Organizations can create dynamic blocklists to prevent users from accessing high-risk domains before they become threats.
Get Started with Enterprise
Find the Right Threat Intelligence for Your Organization