Loading...
MITRE ATT&CK and CAPEC Datasets in STIX 2.0 is a free Threat Intelligence Platforms tool. Security professionals most commonly compare it with . All 360 alternatives are matched by shared capabilities, tags, and NIST CSF 2.0 coverage.
A closer look at the 8 most relevant alternatives and competitors to MITRE ATT&CK and CAPEC Datasets in STIX 2.0, including their key features and shared capabilities.
Free breach monitoring platform for compromised credential detection & alerting.
Web data platform providing open, deep & dark web APIs and monitoring.
Cybercrime intelligence tools for searching compromised credentials from infostealers
Cybersecurity market intelligence platform for tracking competitors & funding
Open-source threat intelligence platform for organizing and operationalizing CTI
Shares 4 capabilities with MITRE ATT&CK and CAPEC Datasets in STIX 2.0: MITRE Attack, STIX, Open Source, Cyber Threat Intelligence
Managed CTI platform with sector-specific threat reports and exposure monitoring.
Shares 4 capabilities with MITRE ATT&CK and CAPEC Datasets in STIX 2.0: Threat Analysis, MITRE Attack, STIX, Cyber Threat Intelligence
Converts unstructured OSINT & darknet signals into structured STIX 2.1 threat intelligence
Shares 4 capabilities with MITRE ATT&CK and CAPEC Datasets in STIX 2.0: Threat Analysis, MITRE Attack, STIX, Cyber Threat Intelligence
Threat intelligence platform for collecting, analyzing, and sharing CTI data
Shares 3 capabilities with MITRE ATT&CK and CAPEC Datasets in STIX 2.0: MITRE Attack, STIX, Cyber Threat Intelligence
Free breach monitoring platform for compromised credential detection & alerting.
Web data platform providing open, deep & dark web APIs and monitoring.
Cybercrime intelligence tools for searching compromised credentials from infostealers
Cybersecurity market intelligence platform for tracking competitors & funding
Open-source threat intelligence platform for organizing and operationalizing CTI
Managed CTI platform with sector-specific threat reports and exposure monitoring.
Converts unstructured OSINT & darknet signals into structured STIX 2.1 threat intelligence
Threat intelligence platform for collecting, analyzing, and sharing CTI data
Enterprise threat intelligence platform with APAC focus and adversary tracking
AI-powered threat management platform for detection, analysis, and response
Behavior-based threat intel feed delivering malware IOCs with context
Enterprise threat intelligence platform for proactive threat detection
SaaS platform for threat-informed defense using adversary tradecraft analysis
AI-driven tool mapping threat intelligence to org-specific risk landscapes.
Free contextual federated search tool for threat intelligence enrichment
MISP is an open source threat intelligence platform that enhances threat information sharing and analysis.
OSTrICa is an open source plugin-based framework that collects and visualizes threat intelligence data from various sources to help cybersecurity professionals correlate IoCs and enhance their defensive capabilities.
ActorTrackr is an open source web application for storing, searching, and linking threat actor intelligence data from public repositories and user contributions.
A web-based visualization tool for navigating and annotating MITRE ATT&CK matrices to support threat analysis, defensive planning, and security coverage assessment.
A publicly available dataset of security incidents designed to support cybersecurity research and threat analysis.
PyIOCe is a Python-based OpenIOC editor that enables security professionals to create, edit, and manage Indicators of Compromise for threat intelligence and incident response operations.
Continuous threat intelligence and exposure management across dark, deep & clear web.
Cyber threat intelligence platform providing actionable insights
Cyber threat intelligence platform with adversary tracking capabilities
Threat intelligence platform for aggregating, analyzing, and sharing CTI data
XTM portfolio for threat intel, attack surface visibility & adversary simulation
AI-powered platform for collecting and analyzing open source threat intelligence
Investigative analytics platform for threat intelligence and security ops
Managed cyber threat intelligence service with org/adversary profiling
Technical threat intel feed of compromised IPs/domains from cybercrime sources
SOC Radar Cyber Threat Intelligence is a comprehensive platform that provides dark web monitoring, vulnerability intelligence, and threat actor analysis to help organizations proactively defend against cyber threats.
Threat intelligence database with 500M+ malicious IPs, domains, and IOCs via API
File and URL scanning service for malware and threat detection
Threat intelligence platform providing global threat visibility and IoCs
Enterprise threat intelligence feeds covering malware, phishing, C2, and IPs
MCP server connecting LLMs to live threat intelligence via natural language
Threat intelligence platform aggregating global threat data for detection
Automates distribution of threat intel across security infrastructure
Automotive-specific threat intelligence platform for mobility ecosystem
Real-time threat intelligence platform with STIX/TAXII compliance
Threat intelligence platform providing APT analysis and threat reports
Mobile threat intelligence service providing threat data, research, and DFIR
Threat intelligence platform with 500M+ entries for real-time threat analysis
Real-time threat intelligence platform with analyst-enriched insights
Threat intelligence platform providing actionable insights from global sources
OT/IoT threat intelligence feed for vulnerability and malware detection
AI-powered cyber threat intelligence platform for threat monitoring & analysis
AI-driven threat intelligence platform for threat detection and response
AI-powered threat intelligence service with expert analysis and geopolitics
Cyber threat intelligence sharing platform with TAXII/STIX support
CTI platform providing structured threat intelligence and analysis
Threat intelligence platform providing strategic & tactical threat analysis
Cyber threat intelligence sharing platform for Australian organizations
Global threat intelligence platform aggregating CTI sources with AI analysis
AI-powered threat intelligence platform collecting data from web sources
Threat intelligence library with 30,000+ threats mapped to MITRE ATT&CK
Weekly threat intelligence briefings published by VerSprite
Predictive cybersecurity platform providing threat intelligence services
Threat intel enrichment platform that correlates events with IOCs and actors
AI-driven threat intel feeds for automated blocking on 20+ firewall vendors
Managed threat intelligence service with dark web monitoring and analysis
Threat intel service focused on adversary attribution and monitoring
Automotive-focused threat intelligence platform with dark web monitoring
Threat intelligence service providing threat profiles and analytics for MDR
AI-powered external threat intelligence platform for threat detection
Visual link analysis platform for OSINT and threat investigations
AI-powered cyber threat intelligence platform for IoC detection and analysis
Zero-day threat intelligence platform with adversary monitoring & simulation
Subscription threat intel service with reports, translations & security notifications.
AI-powered maritime-specific cyber threat intelligence for shipping companies.
Mobile-focused threat intelligence portal for detecting and analyzing mobile threats.
Threat intel firm identifying human actors behind cyber threats.
Curated attack use case platform that feeds threat scenarios into Jizô AI.
Automated threat intel service with IoC search, feeds, and SIEM/SOAR integrations.
AI-powered threat verification for phone numbers, websites, text messages, and emails
Dark web intelligence platform for stealer log and credential exposure detection.
A threat intelligence aggregation service that consolidates and summarizes security updates from multiple sources to provide comprehensive cybersecurity situational awareness.
A knowledge base of analytics developed by MITRE based on the MITRE ATT&CK adversary model.
A Python library for handling TAXII v1.x messages and services to enable automated threat intelligence sharing and indicator exchange.
A threat intelligence platform monitoring threat actors targeting non-human identities
A comprehensive list of APT groups and operations for tracking and mapping different names and naming schemes used by cybersecurity companies and antivirus vendors.
n6 is a network security incident exchange system that collects, manages, and distributes threat and incident data through REST API and web interfaces for authorized users.
CyBot is a free and open source threat intelligence chat bot with a community-driven plugin framework.
YETI is a proof-of-concept TAXII implementation that supports Inbox, Poll, and Discovery services for automated cyber threat intelligence indicator exchange.
GCTI's open-source detection signatures for malware and threat detection
A collection of Yara signatures developed by Citizen Lab to detect malware used in targeted attacks against civil society organizations.
ThreatNote is a threat intelligence platform that provides real-time updates on emerging cybersecurity threats, vulnerabilities, and attack vectors to help organizations enhance their security posture.
Repository with projects for photo and video hashing, content moderation, and signal exchange.
A tool that checks if domains are present in Alexa or Cisco top one million domain lists for reputation assessment and threat analysis.
PyIntelOwl is a Python SDK and CLI client for interacting with IntelOwl's threat intelligence API to submit files and observables for automated security analysis.
A Python library that provides an interface to query ThreatCrowd's API for threat intelligence data including email, IP, domain, and antivirus reports with built-in caching capabilities.
CyberOwl aggregates and summarizes daily security advisories from multiple CERT organizations and threat intelligence sources into consolidated reports.
A neo4j-based data management platform with command-line interface for analyzing cyber threat indicators and other data points through graph database traversal.
A data visualization and statistical analysis tool for measuring the quality and effectiveness of threat intelligence indicator feeds through various analytical tests.
nyx is a threat intelligence artifact distribution system that facilitates the sharing of threat intelligence indicators from various sources to defensive security systems with configurable criticality levels.
A threat intelligence dissemination layer for open-source security tools with STIX-2 support and plugin-based architecture.
AIL Framework is a modular system for analyzing and detecting information leaks from unstructured data sources, with capabilities for data extraction, correlation, and integration with threat intelligence platforms.
Real-time OSINT monitoring for leaked credentials, data, and infrastructure
A tiered cyber threat intelligence service providing detection rules from public repositories with varying levels of analysis, processing, and guidance for security teams.
Next-gen cybersecurity platform for threat detection & digital risk mgmt.
Enterprise threat intelligence platform for identifying and prioritizing threats
Cyber threat intelligence platform for threat-led risk management
Global IP threat intelligence search engine with attack surface mgmt
Real-time threat intelligence platform for external cyber threat defense
AI-driven cyber threat intelligence platform for threat detection and analysis
Dark web monitoring platform for detecting data leaks and brand threats
Real-time threat intelligence platform for monitoring attacks and breaches
Enterprise cyber threat intelligence platform with remote network protection
Cyber intelligence platform for threat detection and security posture mgmt
Threat intelligence platform combining Google, Mandiant, and VirusTotal data
Orchestrated threat intelligence platform for CTI and SOC teams
AI-powered threat intelligence platform for real-time threat intel management
Threat intelligence platform for detection, investigation, and response
AI-powered threat intelligence platform with agentic AI automation
AI-powered threat intel platform for operationalizing CTI and cyber risk mgmt
European threat intelligence as-a-service provider with analyst support
CTI platform combining automated collection with cyber HUMINT for threat intel
Real-time threat intel platform detecting malicious scanning & exploitation
Threat intelligence service providing alerts, analysis, and support
Dark web investigation platform with comprehensive database and analysis tools
Threat intelligence platform with deep/dark web monitoring and OSINT data
Cyber threat intelligence platform for monitoring threats, TTPs, and IOCs
AI-driven cyber intelligence orchestration platform for threat intel & OSINT
API providing access to compromised identity data and threat signals
DNS-layer threat blocking service with real-time threat intelligence feeds
Proactive C2 threat intelligence feed for detecting adversary infrastructure
DNS-based threat defense using predictive intelligence to block threats
CTI platform monitoring deep/dark web, forums & threat actors for intel
AI-powered threat intelligence platform for cyber, geopolitical & physical risks
Preemptive cyber defense platform using DNS, WHOIS, and web data for threat intel
Infrastructure intelligence platform for threat hunting and investigation
3D cyber threat visualization platform for external threat monitoring
SOCRadar Extended Threat Intelligence Platform is a SaaS-based solution that provides real-time threat detection, digital risk protection, and AI-powered threat intelligence services across multiple environments including dark web, social media, and cloud platforms.
SOCRadar Agentic Threat Intelligence is an AI-powered cybersecurity platform that deploys autonomous agents to automate threat intelligence operations, analysis, and response without human intervention.
Threat intelligence platform for detection, hunting, and remediation
Real-time C2 infrastructure detection and disruption threat intelligence feed
Malware intelligence marketplace aggregating multiple detection engines
Threat intelligence feeds providing malware and threat data in multiple formats
IP geolocation databases and APIs for location-based content and traffic analysis
API service providing IP geolocation data and intelligence for security use cases
IP intelligence platform for proxy/VPN detection and geolocation
Real-time threat intelligence platform for external threat visibility and IoC analysis
Threat intelligence platform for SOC/MSSP with AI/ML threat analysis
Cyber threat intelligence platform monitoring external threats & cybercrime
Real-time identity protection monitoring compromised credentials on dark web
Threat intel platform for investigating cybercrime underground sources
Threat intel platform combining CTI, DRPS, EASM & TPRM for exposure mgmt.
AI-powered investigation tool for analyzing identity exposures from darknet data
Dark web intelligence service with human operatives for threat hunting
Threat intelligence feeds for SOC teams from social, dark web & botnet sources
Threat intelligence search platform with correlated data graph
AI-powered cyber threat intelligence platform with real-time monitoring
AI-based threat intelligence platform for analyzing and distributing threat data
Threat intelligence platform combining network security and threat exposure mgmt
Visual interface for exploring threat intelligence data sources and datasets
External threat landscape mgmt platform with predictive intelligence
Dark web monitoring platform for detecting data breaches and leaked data
Swiss-made darknet monitoring platform providing real-time threat intel via API
Dark web monitoring platform for detecting exposed credentials and threats
Real-time zero-day vulnerability detection and alerting platform
CTI platform for threat analysis, dark web monitoring, and data breach detection
Investigative intelligence service for law enforcement agencies
Threat intel platform for prioritizing vulnerabilities based on attacker TTPs
AI-driven threat intel platform monitoring clear, deep, and dark web sources
Threat intelligence platform monitoring dark web, breaches & attack surface
AI-powered threat intelligence platform with search, risk assessment & alerts
AI-powered CTI platform integrating ASM, DRP, and TI capabilities
Virtual asset intelligence solution tracking cryptocurrency transactions
P2P threat intel sharing platform for collaborative defense communities
Threat intelligence platform with AI-powered monitoring and analysis
Centralized threat intelligence platform for aggregating and operationalizing IOCs
Overlay tool providing real-time threat intel & context across security tools
Risk intelligence service for supply chain, geopolitical & compliance risks
Detects compromised assets via outbound traffic to GreyNoise sensors & malicious IPs
Threat intelligence platform for cyber, physical, vulnerability & national sec
Enterprise file analysis platform for high-volume malware detection
Proactive threat intelligence platform providing early warning alerts
Threat intelligence platform providing messaging threat data via API
OSINT platform for monitoring surface web, dark web, and social media sources
Domain intelligence platform for threat research and investigation
Anonymous ICS threat intel sharing platform for collective defense
File threat intelligence integration combining hash lookups & malware detection
CTI services combining human expertise and AI for threat analysis
Screens blockchain addresses for risk and provides allow/deny recommendations.
Database for detecting VPNs, proxies, Tor exits, and anonymization services
Aviation security threat intelligence & risk mgmt platform for AVSEC pros
AI-powered threat intelligence feed for automated DDoS protection
Physical security threat intel platform combining OSINT, location data & analysis
Cyber threat intelligence platform with AI-driven analysis and threat hunting
Cyber threat intelligence feeds for SOC and threat intelligence teams
Curated phishing threat intelligence feed with predictive detection
Real-time fraud intelligence sharing platform with GDPR-compliant tokenization
AI-driven threat intel platform for preemptive security & attack prevention
AI-driven platform that operationalizes threat intel into risk-prioritized actions
Threat intel platform for discovering cybercrime on encrypted chat networks
AI-powered reputation engine for blocking spam, bots, and malicious IPs via API.
Domain reputation threat intelligence feeds for malicious domain detection
AI-driven scam detection via victim emulation in peer-to-peer conversations
Threat intelligence feeds covering 100+ attack types with 5-min updates
Analyzes phishing kits to extract IOCs, attacker infrastructure & tactics
Visual link analysis platform for OSINT investigations and data correlation
AI-powered platform identifying C2 and attack infrastructure pre-weaponization
Preemptive threat intelligence platform for incident response and hunting
Daily threat intel feed identifying malicious IPs with abuse classifications
Database for detecting proxies, VPNs, Tor nodes, and high-risk IP addresses
API service for detecting proxies, VPNs, Tor nodes, and malicious IPs
Real-time IP fraud detection and risk scoring API for identifying malicious IPs
IP address blocklist service for identifying and blocking fraudulent IPs
Secure collaboration platform for detecting suspicious accounts via shared signals
Pre-attack threat intel platform detecting attacker infrastructure before launch
AI platform for real-time event, threat & risk intelligence detection
Cyber risk analytics & external infrastructure intelligence platform
Real-time threat intel feeds sourced from honeypots & ISP abuse reports.
Real-time threat intel platform with IP/domain reputation scoring and low false positives.
AI-powered URL classification & IP reputation feed/API for security vendors.
ML-based URL & domain classification API for threat and content scoring.
AI-based domain & IP threat scoring API for security product integration.
AI-powered CTI platform converting unstructured threat data into role-based intelligence.
Threat intelligence plugin for MikroTik RouterOS with real-time feed updates.
Real-time network threat prevention platform enforcing 10B+ threat indicators.
Managed CTI service monitoring dark web & open sources for emerging threats.
Real-time CVE exploitation tracker with active IP feeds and IoC visibility.
Cloud-based platform that maps malware relationships for threat intelligence.
Digital threat intel platform with 300TB+ of malware data, AI analytics & forecasting.
AI-powered DNS domain threat intelligence service for DDR 2.0 solutions.
Enriched threat feed for identifying malicious IPs and actors in network traffic.
Passive DNS intelligence platform for threat detection and investigation.
Managed dark/deep/clear web threat monitoring with expert analyst review.
Data fusion platform supporting the full intelligence cycle for security agencies.
Continuous, private malware analysis and threat intel platform for enterprises.
Threat detection, correlation, and intel feed platform for SecOps teams.
Blockchain threat intel & crypto forensics platform for AML and investigations.
Threat intel platform with dark web monitoring, ASM, and brand protection.
Threat intel platform detecting mass exploitation & recon via deception nets
API platform providing historical DNS, WHOIS, and IP data for security research.
IP intelligence, geolocation, proxy detection, and fraud prevention service
AI-powered threat intelligence platform with generative AI capabilities
Stixview is a JS library for embeddable interactive STIX2 graphs, aiming to bridge the gap between CTI stories and structured CTI snapshots.
IP reputation & threat intel API backed by honeypot sensors and community reports.
Malware analysis platform using emulation-based sandbox technology
Free URL scanner that checks links for malware, phishing, and fraud threats
Free threat intel platform for DNS data analysis and infrastructure mapping
Central hub for accessing Filigran products, resources, and community content
Free URL/domain/IP threat investigation tool with risk scoring & categorization.
Free mule account alert feed for banks to detect scam-linked accounts.
Scans email addresses against breach databases for personal data exposure.
Community-driven phishing URL archive operated by Cisco Talos.
Free threat intel feed blocking malicious IPs/domains via global sensors.
Dark web threat intelligence platform for detecting & investigating cyber threats.
A comprehensive Threat Intelligence Program Management Solution for managing the entire CTI lifecycle.
CRITs is an open source malware and threat repository for collaborative threat defense and analysis.
ThreatMiner is a threat intelligence portal that aggregates data from various sources and provides contextual information related to indicators of compromise (IOCs).
VirusTotal API v3 is a threat intelligence platform for scanning files, URLs, and IP addresses, and retrieving reports on threat reputation and context.
The Trystero Project is a threat intelligence platform that measures email security efficacy and provides various tools and resources, while VMware Carbon Black offers endpoint protection and workload security solutions.
A project sharing malicious URLs used for malware distribution to help protect networks.
Maldatabase is a threat intelligence platform providing malware datasets and threat intelligence feeds for malware data science and threat intelligence.
Maltiverse automates Threat Intelligence for small and medium-sized SecOps teams, providing an effective and affordable service.
A free threat intelligence feed and banlist feed of known malicious IP addresses for public use only.
Analyze suspicious files, domains, IPs, and URLs to detect malware and other breaches, and share results with the security community.
Dataplane.org is a nonprofit organization providing free data, tools, and analysis to increase awareness of Internet trends, anomalies, threats, and misconfigurations.
Pulsedive is a threat intelligence platform that provides frictionless threat intelligence for growing teams, offering features such as indicator enrichment, threat research, and API integration.
A comprehensive list of IP addresses for cybersecurity purposes, including threat intelligence, incident response, and security research.
Threat intelligence platform providing real-time threat data and insights.
Free cyber threat intelligence feeds for proactive threat detection
AbuseIPDB offers tools and APIs to report and check abusive IPs, enhancing network security.
A PowerShell script to interact with the MITRE ATT&CK Framework via its own API using the deprecated MediaWiki API.
An extendable tool to extract and aggregate IOCs from threat feeds, integrates with ThreatKB and MISP.
Knowledge base workflow management dashboard for YARA rules and C2 artifacts.
An online hash checker utility that retrieves information from various online sources, including Virustotal, HybridAnalysis, and more.
QRadio is a tool/framework designed to consolidate cyber threats intelligence sources.
A visualization tool for threat analysis that organizes APT campaign information and visualizes relations of IOC.
Converts OpenIOC v1.0 XML files into STIX Indicators, generating STIX v1.2 and CybOX v2.1 content.
Hippocampe is a threat feed aggregator with configurable confidence levels and a Hipposcore for determining maliciousness.
Developer documentation providing REST API and SDK resources for ThreatConnect platform integration across Python, Java, and JavaScript environments.
API for querying domain security information, categorization, and related data.
TIH is an intelligence tool that helps you search for IOCs across multiple security feeds and APIs.
AbuseHelper is an open-source framework for receiving and redistributing abuse feeds and threat intel.
IntelMQ is a solution for IT security teams for collecting and processing security feeds using a message queuing protocol, with a focus on incident handling automation and threat intelligence processing.
Open Source Threat Intelligence Gathering and Processing Framework
Bearded Avenger is a cybersecurity tool with various integrations and deployment instructions available.
CIFv3 is the next version of the Cyber Intelligence Framework, developed against Ubuntu16, encouraging users to transition from CIFv2.
Provides indicators of compromise (IOCs) to combat malware with Yara and Snort rules.
A threat intelligence domain/IP/hash threat feeds checker that checks IPVoid, URLVoid, Virustotal, and Cymon.
An Open Source solution for management of Threat Intelligence at scale, integrating multiple analyzers and malware analysis tools.
CLI tool for ThreatCrowd.org with multiple query functions.
Python-based client for IBM XForce Exchange with an improved version available.
Aggregates security threats from online sources and outputs to various formats.
A python3 application for querying sites hosting publicly pasted data and scanning for sensitive information.
Gathers Threat Intelligence Feeds from publicly available sources and provides detailed output in CSV format.
Python APIs for serializing and de-serializing STIX2 JSON content with higher-level APIs for common tasks.
Forager is a threat intelligence tool that simplifies the retrieval, storage, and maintenance of threat data with a user-friendly interface and support for various data sources.
Hale is a modular botnet command and control monitoring tool that tracks C&C server communications across multiple protocols with web-based analysis interface and collaborative research capabilities.
A Pythonic interface to the Internet Storm Center / DShield API
A method for profiling SSL/TLS Clients with easy-to-produce client fingerprints.
Aggregator of FireHOL IP lists with HTTP-based API service and Python client package.
A program to extract IOCs from text files using regular expressions
Open Source Intelligence solution for threat intelligence data enrichment and quick analysis of suspicious files or malware.
A tool for fetching and visualizing cyber threat intelligence data with Elasticsearch and Kibana integration.
An open source threat intelligence platform for storing and managing cyber threat intelligence knowledge.
Repository containing IoCs related to Volexity's threat intelligence blog posts and tools.
CINSscore.com provides Threat Intelligence database with accurate IP scores and collective defense through community and Sentinel IPS unit sourced data.
The FASTEST Way to Consume Threat Intelligence and make it actionable.
A framework for managing cyber threat intelligence in structured formats.
A list of most queried domains based on passive DNS usage across the Umbrella global network.
A platform for accessing threat intelligence and collaborating on cyber threats.
RiskAnalytics Solutions offers community projects for cyber threat intelligence sharing and collaboration.
NECOMA focuses on data collection, threat analysis, and developing new cyberdefense mechanisms to protect infrastructure and endpoints.
A project focusing on understanding and combating threats to the Internet economy and net citizens.
Platform providing community-driven threat intelligence on cyber threats with a focus on malware and botnets.
Facilitating exchange of information and knowledge to collectively protect against cyberattacks.
A collaborative repository documenting TTPs and attack patterns associated with malicious OIDC/OAuth 2.0 applications.
The Ransomware Tool Matrix is a repository that lists and categorizes tools used by ransomware gangs, aiding in threat hunting, incident response, and adversary emulation.
AI-powered malware detection service with web interface and API access
Network threat detection platform (product page unavailable)
Cloud-based DNS filtering solution for blocking malicious sites and content
Cloud-native DNS filtering solution that blocks malicious domains and threats
DentiGrid is an AI security platform that monitors, detect & prevent cyber threats.
A tracker that detects and logs SYN packets with a specific signature generated by the Mirai malware, providing real-time information on Mirai-based campaigns.
A project that detects malicious SSL connections by identifying and blacklisting SSL certificates used by botnet C&C servers and identifying JA3 fingerprints to detect and block malware botnet C&C communication.
A free software that calculates the security ranking of Internet Service Providers to detect malicious activities.
FraudGuard is a service that provides real-time internet traffic analysis and IP tracking to help validate usage and prevent fraud.
All-in-one vulnerability intelligence platform for prioritizing remediation efforts and driving security strategies.
A nonprofit security organization that collects and shares threat data to make the Internet more secure.
OpenPhish provides real-time phishing trends, detecting new phishing URLs and targeting various brands.
The Cybersecurity and Infrastructure Security Agency (CISA) is a government agency that provides alerts, advisories, and resources to help protect the United States' critical infrastructure from cyber threats.
A database of Tor exit nodes with their corresponding IP addresses and timestamps.
Daily feed of bad IPs with blacklist hit scores for cybersecurity professionals to stay informed about malicious IP addresses.
A collection of APT and cybercriminals campaigns with various resources and references.
A robust Python implementation of TAXII Services with a friendly pythonic API.
Machinae is a tool for collecting intelligence from public sites/feeds about various security-related pieces of data.
A library and command line interface for extracting URLs, IP addresses, MD5/SHA hashes, email addresses, and YARA rules from text corpora.
A set of configuration files to use with EclecticIQ's OpenTAXII implementation for MISP integration.
Tools to export data from MISP MySQL database for post-incident analysis and correlation.
A Django web interface for managing Yara rules with features like search, categorization, and bulk edits.
Taxii2 server for interacting with taxii services.
A daily collection of IOCs from various sources, including articles and tweets.
A tool to extract indicators of compromise from security reports in PDF format.
Cyber Intelligence Management Platform with threat tracking, forensic artifacts, and YARA rule storage.
A PowerShell module for interacting with VirusTotal to analyze suspicious files and URLs.
Generate Bro intel files from pdf or html reports.
Repository of IOCs provided under the Apache 2.0 license
Python package for fanging and defanging indicators of compromise in text.
A modular tool for collecting intelligence sources for files and outputting in CSV format.
Collect various intelligence sources for hosts in CSV format.
An IOC tracker written in Python that queries Google Custom Search Engines for various cybersecurity indicators and monitors domain status using Google Safe Browsing APIs.
Public access to Indicators of Compromise (IoCs) and other data for readers of Security Scorecard's technical blog posts and reports.
A modular malware collection and processing framework with support for various threat intelligence feeds.
A tool for extracting common indicators of compromise from a block of text.
A tool for extracting IOCs from various input sources and converting them into JSON format.
Check the reputation of an IP address to identify potential threats.
Freely available network IOCs for monitoring and incident response
List of publicly disclosed vulnerabilities with security filters and detailed advisories.
A platform providing an activity feed on exploited vulnerabilities.
TeamTNT is modifying its malicious shell scripts after they were made public by security researchers.
A collaborative platform that gathers and analyzes security data to help professionals identify and mitigate cyber threats.
Common questions security professionals ask when evaluating alternatives and competitors to MITRE ATT&CK and CAPEC Datasets in STIX 2.0.
The most popular alternatives to MITRE ATT&CK and CAPEC Datasets in STIX 2.0 include Lunar, Webz.io, Hudson Rock Cybercrime Intelligence Tools, CybersecRadars, and Filigran OpenCTI. These Threat Intelligence Platforms tools offer similar capabilities and are frequently compared by security professionals evaluating their options.
