OSINT Data Feeds for Cybersecurity

Risk Indicators

Open source threat intelligence (OSINT) is critical for strengthening defenses against evolving cyber threats. It serves as an early warning system, enabling identification and mitigation of potential threats before they become security incidents. By integrating intelligence from a variety of sources, organizations can achieve a more robust and nuanced understanding of the threat landscape. This allows more accurate risk assessments and proactive defense strategies, ensuring that security measures are well-informed and resilient against evolving cyber threats.

Malware Patrol collects open source intelligence from reputable sources within the cybersecurity industry as part of our ongoing research and daily operations. This gathered information is carefully curated and provided via three free OSINT data feeds:

1) High Risk IPs: Addresses involved in a range of malicious activities, such as spam, malware distribution, botnets, and command-and-control communications.
2) Risk Indicators: A variety of threat-related IoCs, including: MD5, SHA1, and SHA256 hashes, email addresses, cryptocurrency addresses, and CVEs.
3) Tor Exit Nodes: Addresses of active Tor exit nodes as reported by the Tor Project.

Security teams can utilize this intelligence in many ways, including to block malicious IPs and email addresses, blacklist identified hashes to prevent malware execution, and patch vulnerabilities associated with disclosed CVEs. Our feeds can also be correlated with existing data sources for improved decision making.

We enhance the value of our OSINT data feeds by correlating them, whenever possible, with the MITRE ATT&CK framework to provide deeper context and insights. This correlation helps us map out the tactics, techniques, and procedures (TTPs) and associated threat actors, providing a clearer understanding of potential threats. By integrating MITRE, we ensure that our feeds are not only informative but also strategically valuable.




– Cryptocurrency Addresses

– CVEs

– Email addresses

– Hashes (MD5, SHA-1, and SHA-256)

– IPs




– Free subscription

– JSON gzip format

– Hourly updates

– MITRE ATT&CK correlation