Enterprise CTI

The Threat Intelligence You Need, The Way You Need It

Enterprise = Options

Malware Patrol’s Enterprise solution provides complete control and flexibility over our threat intelligence feeds. Whether you need a single feed, a custom-built solution, or research and product development intelligence that extends beyond our standard packages, Enterprise adapts to your security needs.

    • Security teams use Enterprise to access targeted threat intelligence feeds, enriched threat data, and advanced research resources. This is ideal for proactive defense, threat hunting, and tailored detections.
    • Cybersecurity companies rely on Enterprise for straightforward commercial licensing and high-confidence threat data to enhance product capabilities and improve customer protection.
    • Technology providers leverage Enterprise to selectively ingest threat intelligence feeds in formats and combinations that align with their architecture and data pipelines.

With simple licensing and pricing, Enterprise allows organizations to purchase only the threat intelligence feeds they need, from individual data feeds to comprehensive research toolkits, ensuring they build a security strategy that aligns with their specific requirements.

Our free evaluation provides access to current, active data so you can compare it directly with your existing sources. It’s a no-risk way to assess the accuracy, coverage, and relevance of our intelligence for your security needs.

Features

Enterprise offers multiple ways to access and apply threat intelligence based on your specific goals. From individual feeds to fully customized data solutions and exclusive research resources, these options are designed to support organizations of all sizes, whether you’re running a lean security team or managing large-scale threat operations.

A La Carte – Purchase Only What You Need

  • Select one or multiple feeds based on your security requirements. Includes Malicious Domains, URLs, IPs, and more.
  • Ideal for organizations and cybersecurity vendors that require targeted intelligence.
  • Simple and flexible pricing.

Custom Intelligence – Tailored to Your Security Strategy

  • Threat intelligence feeds customized to match your specific format, filtering, or delivery preferences.
  • Designed for MSSPs, security vendors, and enterprises with unique security workflows.
  • Get exactly the intelligence your product or team needs.

Expanded Intelligence Feeds – For Research and More

  • DGAs – Identify C2 domains before they resolve.
  • Malware Binaries – Malware samples for reverse engineering.
  • Newly Registered Domains – Early detection of phishing/fraud.
  • Phishing Screenshots & HTML – Phishing artifacts for AI/ML training.
  • Unsanitized URLs – Includes malware filenames and extensions.

Big Data – The All-Inclusive Threat Intelligence Package

  • Get all our data feeds, including expanded intelligence and newly developed ones (around 2 per year).
  • Built for large-scale security operations, AI/ML training, cybersecurity product development, and threat intelligence research.
  • Unlimited access at a package price.

Data Feeds

We offer a wide range of threat intelligence feeds that can be purchased individually or in packages. Whether you’re looking to enrich a specific toolset, enhance detection capabilities, or gain full-spectrum visibility across threat types, our feeds cover everything from phishing and malware to C2 infrastructure and ransomware.

Big Data Package

Big Data gives you complete access to our full suite of threat intelligence feeds below, along with any new feeds developed during your subscription term. On average, we release two new feeds per year, expanding your visibility into evolving threats. This package includes unlimited data access across all available formats – NGFW, SIEM, TIP, JSON, CSV and more – making it ideal for large-scale security operations, AI/ML development, and threat research. It’s a future-ready solution built for teams who need comprehensive, always-expanding intelligence.

Individual Feeds

You can purchase any of the feeds below individually or combine multiple feeds to match your specific use case. Whether you need targeted indicators for a single tool or broader coverage across your security stack, we offer flexible options such as customizations in format, delivery, and content to fit your workflow.

Command & Control Servers

Lists active command and control servers and maps them to known MITRE ATT&CK techniques. Enables precise threat actor tracking and TTP-based detection.

Cryptojacking

Identifies domains and scripts associated with unauthorized cryptocurrency mining. Helps prevent resource hijacking and stealthy system degradation.

DGA Domains

Predicts algorithmically generated domains used by malware to communicate with C2 servers. Enables preemptive blocking before domains are activated.

DNS-over-HTTPS (DoH) Resolvers

Catalog of active DoH resolvers often used to bypass DNS filtering. Supports visibility and policy enforcement in encrypted DNS environments.

DNS RPZ Firewall

Ready-to-deploy RPZ zone files for DNS firewalls containing domains involved in cryptojacking, C2 communication, malware & ransomware distribution, and phishing. Simplifies DNS-layer protection for infrastructure and users.

Emergent Threats Domains

Highlights newly active domains with suspicious behavior linked to emerging attacks. Supports proactive detection of novel threats and infrastructure.

Intrusion Insights

Captures IPs that have launched attacks against our global honeypot network. Offers real-world insight into active threats and attacker behavior.

Malicious Domains

Domains involved in cryptojacking, phishing, malware and ransomware distribution, C2 communication, and other malicious activity. Key for DNS-layer protection and early threat interception.

Malicious IPs

IP addresses hosting malicious infrastructure, including cryptojacking, C2 communication, malware & ransomware distribution, and phishing. Vital for network-based blocking and traffic filtering.

Malware Hashes

Provides file hashes (MD5, SHA1, SHA256) of known malware. Useful for IOC matching, threat hunting, and AV signature validation.

Malware Samples

Provides binaries of real-world malware collected from diverse sources, updated daily. Essential for detection engineering, reverse engineering, and AI/ML model training.

Malware & Ransomware URLs

Detects URLs delivering malware or ransomware payloads. Critical for blocking drive-by downloads and early-stage infections.

Newly Registered Domains

Tracks domains registered in the last 24–48 hours. Identifies early indicators of potential phishing, fraud, or malware campaigns.

Phishing

URLs and domains used in phishing campaigns, including credential harvesting and brand impersonation. Helps prevent account compromise and data loss.

Two separate phishing-related expanded intelligence feeds are also available:

  • Phishing website screenshots (JPEG) accompanied by perceptual hashes.
  • Raw HTML from phishing websites.

Risk Indicators (Free)

A free set of OSINT-based feeds including high-risk IPs, threat-related IOCs (hashes, emails, crypto addresses, CVEs), and active Tor exit nodes. Useful for baseline enrichment, blocklists, and contextual analysis.

Complete Data Feed Listing

Feed                             Format    Update Frequency
Command & Control Servers                  1 hour
Cryptojacking                              12 hours
DGA Domains                                1 hour
DNS-over-HTTPS (DoH) Servers               1 hour
DNS RPZ Firewall                           5 minutes
Emergent Threats Domains                   1 hour
Intrusion Insights                         15 minutes
Malicious Domains                          1 hour
Malicious IPs                              1 hour
Malware Hashes                             1 hour
Malware Samples (Binaries)                 Real-time
Malware & Ransomware URLs                  1 hour
Newly Registered Domains                   1 hour
Phishing Raw HTML                          Real-time
Phishing Screenshots                       Real-time
Phishing URLs                              1 hour
Risk Indicators (Free)                     1 hour

Expanded Intelligence Use Cases

Our expanded threat intelligence feeds go beyond standard indicators to support deeper security use cases. These include malware samples, phishing artifacts, unsanitized URLs, and predictive DGAs, which are valuable resources for research, threat hunting, detection engineering, and AI/ML model training. Whether you’re building detection capabilities or analyzing attacker behavior, these feeds provide the context and detail needed to go further.

Malware Samples: Power Threat Research & Detection

  • Our continuously updated repository of millions of malware samples enables SOC teams and researchers to analyze new and emerging malware variants.

  • Reverse engineers can extract indicators of compromise (IOCs) and identify attacker techniques.

  • Security vendors can improve antivirus and endpoint detection by integrating real-world malware samples into their detection engines.

Newly Registered Domains: Detect Malicious Sites Early

  • Attackers frequently register domains for phishing, fraud, and malware campaigns. Newly registered domains provide a window into potential future threats.

  • Security teams can monitor trends in domain registrations to identify suspicious activity before an attack campaign launches.

  • Organizations can create dynamic blocklists to prevent users from accessing high-risk domains before they become threats.

Phishing Screenshots & HTML: AI/ML Training

  • Machine learning and AI-based phishing detection tools rely on high-quality training data. Our phishing dataset provides real-world HTML and screenshots to enhance model accuracy.
  • Security teams can build automated detection systems that recognize phishing attempts with greater precision.
  • Researchers can analyze phishing trends and template reuse, helping identify and mitigate phishing campaigns at scale.

Predictive DGAs: Gain an Edge on Emerging Threats

  • Traditional DGA-based threat intelligence often only includes resolving domains. With our full DGA feed, security teams can know domains before they resolve, helping identify attacker infrastructure before it is operational.
  • Threat researchers can track adversary tactics by examining domain generation patterns across multiple days.
  • Organizations can develop predictive blocking strategies to proactively mitigate future threats.

Unsanitized URLs: Malware Distribution Deep Dive

  • Unlike sanitized URLs, our dataset includes full paths, file names, and extensions, allowing security teams to study the distribution methods of malware.

  • Researchers can analyze trends in malware filenames and extensions to determine evolving tactics used by attackers.

  • SOC teams can track malware-hosting infrastructure and implement proactive blocking measures based on URL patterns.

Get Started with Enterprise

Find the Right Threat Intelligence for Your Organization

Learn about Malware Patrol’s DNS Firewall Solutions.
