Malware, Ransomware, C2s, Cryptominers, DGAs, DDoS, and More

The Value of Threat Data

Cyber threat intelligence is used by security professionals tasked with protecting their company’s assets against malicious actors. According to a study conducted by the Ponemon Institute:

  • 78% of respondents rate the importance of threat intelligence in achieving a strong cyber security posture as very high
  • 46% of respondents believe commercial data feeds provide more actionable intelligence than free sources.

Malware Patrol offers a wide variety of IoC feeds for use in all types of security environments and tools. Our data is verified and actionable. It protects your customers and networks against communications with botnets and command and control (C2) servers, malware infections and the transmission of compromised data.

What kind of threat data user are you?

Security Team

You need data to help block and detect threats, with a focus on the latest malicious campaigns. Or, as a security service provider, you use threat data to provide services to your customers.

Threat Researcher/Analyst

You need data or samples for research purposes, including reverse engineering and powering AI or machine learning tools.


Mature security program with a range of needs. You integrate IoCs into your SIEM, TIP or other tools for threat detection and response. You sell security services and use data from multiple vendors for maximum coverage.

Choose the Right Data for Your Needs 

We offer three main options:

  1. Business Protect is designed with the budget and needs of small to medium-sized businesses in mind. The service includes a malware and ransomware URLs feed in a variety of formats.
  2. DNS RPZ Firewall offers a set-it-and-forget-it automatic (AXFR/IXFR) BIND server transfer of up to seven separate response policy zones of malicious domains related to: (1) C2s, (2) COVID-19 Newly Registered Domains, (3) Cryptominers, (4) DGAs, (5) DNS-over-HTTPS servers, (6) Malware & Ransomware, and (7) Phishing sites.
  3. Enterprise Data Feeds include data for companies that have a mature cybersecurity program and require more specific or customized threat intelligence, such as for research purposes. The feeds can be purchased separately or in bundles, based on your business needs.

For ease of use, our data feeds are formatted for compatibility with the most common security platforms and software. In addition:

  • Downloads are UNLIMITED
  • Each indicator is verified daily
  • DNS names are resolved 4-6 times a day
  • Newly discovered URLs are processed within an hour.


Business Protect

DNS Firewall



SMBs & Security Service Providers
Security/DNS Service Providers
Cyber Security Teams & Enterprises
Free data evaluation
Unlimited-use commercial license
Hourly updates
Unlimited downloads
Priority tech support
Subscription options: Monthly or Annual X X
Subscription options: Annual or multi-year X
Dedicated account manager X X
Free feed customization/formatting X X


Cryptomining X X
Bitcoin Blockchain Strings X X
Bitcoin Transactions X X
C2 Addresses X X
DDoS Attacks X X
DNS Firewall X
DoH Servers X X
Domain Names Generated via DGAs X X
Malicious Domains X X
Malicious IPs X X
Malware Hashes or Samples X X
Malware/Ransomware URLs X
Newly Registered Domains X X
Phishing X X