Threat Intelligence Database
Platform: Snowflake. Updated 2024-04-10. Indexed 2024-05-01.
Download link:
https://app.snowflake.com/marketplace/listing/GZTIZ1D7XE
Resource description:
Note: this share is limited to a week's worth of data from the previous month.
Our daily Threat Intelligence Database gives you actionable insights into the latest cyber threats, including malware, phishing, C2 (C&C), botnets, and other malicious activity. Choose from raw or pre-filtered data feeds that integrate with your security systems, allowing you to quickly detect and respond to threats and safeguard your business.
Review our website to access the complete Threat Intelligence Database (https://falconsentinel.com/threat-database/?ref=sf).
Feeds included:
- Malicious IPv4/IPv6 address data feeds
- Malicious domain name data feed
- Malicious URL data feed
- Malicious CIDR data feed
Fields included:
- ip – IoC: IPv4 and IPv6 addresses. The IPv6 feed also contains IPv4 addresses represented in IPv6 notation.
- cidr – IoC: IPv4 and IPv6 ranges in CIDR notation. The IPv6 feed also contains IPv4 ranges represented in IPv6 notation.
- domainName – IoC: domain name.
- url – IoC: URL. It may be absolute (https://example.com/files/badfile.php) or relative (/files/badfile.php). Relative URLs do not have a corresponding domainName field.
- host – Domain name or IP address, present for absolute URLs only.
- threatType – The threat type associated with the IoC. One of the following: attack, botnet, c2, malware, phishing, spam, suspicious, tor, generic.
- lastSeen – UNIX timestamp of the most recent time the activity was detected.
The complete database (https://falconsentinel.com/threat-database/documentation?ref=sf) covers the following 9 threat types:
- Attack: malicious activity detected from the host, for example SSH brute-force.
- Botnet: a host was detected as an actor in a group of connected hosts that perform malicious activities (botnet).
- C2 or C&C: the host is a known botnet's "Command and Control" server.
- Malware: the IoC is related to malicious software distribution. It can be a host or a URL serving the malware.
- Phishing: the indicator, usually a domain name or URL, is involved in Phishing activity.
- Spam: a host engaged in sending spam.
- Suspicious: the IoC's activity has not been verified as malicious. For instance, it may be a host scraping websites or sending large volumes of ICMP queries.
- Tor: the host acts as a Tor exit node.
- Generic: IoC has been involved in some form of malicious activity but couldn't be classified into one of the other categories.
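The field list and threat-type enumeration above define a small schema with two details that trip up naive consumers: the IPv6 feed carries IPv4 addresses in IPv6 notation (so the same host can appear under two spellings), and relative URLs have no domainName/host to key on. The following is an added example, not FalconSentinel's code, showing how a consumer might normalise records in this layout into lookup structures and match them against observed IPs and URLs. The field names follow the listing; the feed records, the IPv4-mapped (::ffff:a.b.c.d) notation, and the events being matched are constructed for illustration.

```python
"""Normalise records in the listed feed schema and match events against them.
Added example, not FalconSentinel code. Field names (ip, cidr, domainName,
url, host, threatType, lastSeen) follow the listing; the records below are
constructed sample data in RFC 5737/3849 documentation ranges, not real IoCs."""
import ipaddress
from datetime import datetime, timezone
from urllib.parse import urlsplit

# The nine threat types documented for the database.
THREAT_TYPES = {"attack", "botnet", "c2", "malware", "phishing",
                "spam", "suspicious", "tor", "generic"}

# Constructed sample records in the listing's field layout.
FEED = [
    {"ip": "198.51.100.23", "threatType": "c2", "lastSeen": 1714521600},
    # Assumption: the IPv6 feed spells IPv4 hosts as IPv4-mapped addresses.
    {"ip": "::ffff:203.0.113.7", "threatType": "botnet", "lastSeen": 1714435200},
    {"cidr": "192.0.2.0/24", "threatType": "spam", "lastSeen": 1714348800},
    {"domainName": "bad.example.net", "threatType": "phishing", "lastSeen": 1714262400},
    {"url": "https://dl.example.org/files/badfile.php", "host": "dl.example.org",
     "threatType": "malware", "lastSeen": 1714176000},
    # Relative URL: no domainName/host field, so it can only be matched on path.
    {"url": "/files/badfile.php", "threatType": "malware", "lastSeen": 1714089600},
]


def normalise_ip(value):
    """Collapse IPv4-mapped IPv6 (::ffff:a.b.c.d) to plain IPv4 so the IPv4
    and IPv6 feeds key the same host identically; other addresses pass through."""
    addr = ipaddress.ip_address(value)
    if isinstance(addr, ipaddress.IPv6Address) and addr.ipv4_mapped is not None:
        return addr.ipv4_mapped
    return addr


def build_index(records):
    """Split feed records into per-indicator lookup structures. Each value is a
    (threatType, lastSeen as aware UTC datetime) tuple. Unknown threatType
    values are rejected rather than silently indexed."""
    idx = {"ips": {}, "cidrs": [], "domains": {}, "urls": {}, "paths": {}}
    for rec in records:
        if rec["threatType"] not in THREAT_TYPES:
            raise ValueError(f"unknown threatType: {rec['threatType']!r}")
        meta = (rec["threatType"],
                datetime.fromtimestamp(rec["lastSeen"], tz=timezone.utc))
        if "ip" in rec:
            idx["ips"][normalise_ip(rec["ip"])] = meta
        elif "cidr" in rec:
            idx["cidrs"].append((ipaddress.ip_network(rec["cidr"], strict=False), meta))
        elif "domainName" in rec:
            idx["domains"][rec["domainName"].lower().rstrip(".")] = meta
        elif "url" in rec:
            parts = urlsplit(rec["url"])
            if parts.scheme:  # absolute URL: key on (host, path)
                idx["urls"][((parts.hostname or "").lower(), parts.path)] = meta
            else:             # relative URL: key on path alone
                idx["paths"][parts.path] = meta
    return idx


def match_ip(idx, value):
    """Exact-address hit first, then CIDR containment. Returns meta or None."""
    addr = normalise_ip(value)
    if addr in idx["ips"]:
        return idx["ips"][addr]
    for net, meta in idx["cidrs"]:
        if addr.version == net.version and addr in net:
            return meta
    return None


def match_url(idx, value):
    """Absolute-URL hit, then relative-path hit, then bare-domain hit."""
    parts = urlsplit(value)
    host = (parts.hostname or "").lower().rstrip(".")
    hit = idx["urls"].get((host, parts.path)) or idx["paths"].get(parts.path)
    if hit is None and host:
        hit = idx["domains"].get(host)
    return hit


if __name__ == "__main__":
    index = build_index(FEED)
    # Constructed events: the IPv4-mapped spelling and the plain IPv4 both hit.
    for ip in ("203.0.113.7", "::ffff:198.51.100.23", "192.0.2.77", "2001:db8::1"):
        print(ip, "->", match_ip(index, ip))
    for url in ("http://other.example/files/badfile.php", "https://BAD.example.net/login"):
        print(url, "->", match_url(index, url))
```

The relative-path fallback is deliberately the weakest match: a path like /files/badfile.php can appear on many unrelated hosts, so treat those hits as lower confidence than an absolute-URL or domain hit, and use lastSeen to age indicators out rather than matching against the whole history.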
Our Threat Intelligence Database is powered by multiple sources, ensuring you receive comprehensive and accurate information to protect your organization. Our sources include the following:
- Server logs: we scrutinize server logs to detect unusual activity and unauthorized access attempts.
- Honeypots: we use decoy systems called honeypots to attract attackers and gather intelligence on the latest attack methods.
- OSINT: we collect threat intelligence from open sources such as social media, forums, and blogs to stay informed on emerging threats and trends.
- Abuse reports (ISPs): we monitor abuse reports from internet service providers to identify potential threats and malicious activity.
- Our own research: our team of experts conducts in-depth research to identify new and emerging threats and provide a comprehensive analysis of existing threats.
Provider:
FalconSentinel
Created:
2024-04-09

The above content was collected and summarized by 遇见数据集.