RISK INDICATORS

Free OSINT Data Feeds

Leverage OSINT to Enrich Your Threat Visibility

In cybersecurity, timing is everything. Open Source Intelligence (OSINT) offers a valuable layer of early insight by surfacing raw, unvalidated indicators that are often shared before they’ve gone through formal analysis or industry vetting. This data can provide timely signals of emerging threats, giving defenders a head start in identifying suspicious activity, enriching investigations, and supporting research efforts before threats escalate into incidents.

At Malware Patrol, we continuously gather, analyze, and curate OSINT from credible sources as part of our research-driven operations. While this data is not validated for use in our commercial threat intelligence services, we believe in the power of community and transparency, so we’re making it freely available to support the broader cybersecurity ecosystem.

OSINT by Malware Patrol

What You Get: Three Curated Feeds

1. High Risk IPs
Addresses identified in malicious activity such as spam campaigns, malware distribution, botnet operations, and command-and-control (C2) traffic.

2. Risk Indicators (IoCs)
A mix of threat artifacts including:

  • File hashes (MD5, SHA-1, SHA-256)
  • Email addresses linked to phishing or fraud
  • Cryptocurrency addresses used in ransomware or scam operations
  • Publicly disclosed CVEs

3. Tor Exit Nodes
Up-to-date IPs of Tor exit nodes, as listed by the Tor Project. Useful for flagging anonymized traffic or tightening access controls.

Context Enrichment with MITRE ATT&CK

We enhance the value of our OSINT data feeds by enriching them, wherever possible, with MITRE ATT&CK framework correlations to provide context and insights. This mapping not only strengthens situational awareness but also empowers more effective and informed defense strategies.

Key Benefits

  • Preventive Blocking: Use the feeds to block IPs, email addresses, and hashes tied to malicious behavior.
  • Malware Defense: Proactively blacklist known malware hashes.
  • Vulnerability Management: Cross-reference CVEs to prioritize patching and risk mitigation.
  • Threat Correlation: Enhance detection by combining our feeds with your internal telemetry and other threat intel sources.

CONTENTS

– Cryptocurrency Addresses
– CVEs
– Email Addresses
– Hashes (MD5, SHA-1, and SHA-256)
– IPs

FEATURES

– Completely Free
– Delivered in JSON (gzip) Format
– Hourly Updates
– Mapped to MITRE ATT&CK (when possible)
