Cyber Threat Intelligence (CTI)

Cyber threat intelligence is knowledge, skills and experience-based information concerning the occurrence and assessment of both cyber and physical threats and threat actors that is intended to help mitigate potential attacks and harmful events occurring in cyberspace. Cyber threat intelligence sources include open source intelligence, social media intelligence, human Intelligence, technical intelligence, device log files, forensically acquired data or intelligence from the internet traffic and data derived for the deep and dark web. In recent years, threat intelligence has become a crucial part of companies' cyber security strategy since it allows companies to be more proactive in their approach and determine which threats represent the greatest risks to a business. This puts companies on a more proactive front - actively trying to find their vulnerabilities and prevents hacks before they happen.

Threat Feeds and Platforms

• OpenTAXII

• cti-taxii-client

• Sigma Command Line Interface

• OpenCTI Platform

• Vertex Synapse

• DocIntel

• TweetFeed

• VirusTotal

• Malwoverview

• SOCRadar IOC Radar

• ThreatMiner

• DarkFeed

• Open Source Threat Intel Feeds

• IoCs Repository by SophosLabs

• malware-IoC

• SOC Prime

• Mihari Knowledge Base

• InfraGard

• Mandiant Threat Intelligence

• CISA Automated Indicator Sharing (AIS)

• CyberCure

• Emerging Threats Rules

• Threat Feeds

• AbuseIPDB

• BrightCloud URL/IP Lookup

• CheckPhish

• Email Blocklist Checker

• IBM X-Force Exchange

• IPQualityScore

• Malware Domain List

• MalwareURL

• Open Threat Exchange

• Pulsedive

• ThreatSTOP Check IoC

• IPVoid

• MetaDefender

• Jotti's Malware Scan

• Hybrid Analysis

• Any.Run

• AntiScan.Me

• Joe Security

• UrlScan

• C2IntelFeeds

• AutonomousThreatSweeper

• MISP-tools

• Kleenscan

• PolySwarm

• AVCheck

• WannaBrowser

• Browserling

• EasyDMARC Phishing URL Checker

• IsItPhishing

• OpenPhish

• Phishing Army

• PhishCheck

• Phishing Initiative

• PhishStats

• PhishTank

• Stop Forum Spam

• ThreatCop Phishing URL Checker

• Web Inspector - Website Malware Scanner

• FortiGuard Web Filter

• Is It Hacked?

• Is It Phishing?

• McAfee Site Lookup

• MXToolbox Blacklists

• Quttera

• Reputation Authority

• Sucuri SiteCheck

• TrendMicro Site Safety

• URLQuery

• URLVoid

• Zscaler Zulu

• UNB CIC Datasets

• Rescure.me Feeds

• RansomLook

• FileScan.io Feed

• Phishunt.io

• ThreatJammer

• Threatable.io

• DigitalSide OSINT

• Akamai Threat Intelligence

• AlienVault OTX

• FireHOL IP Lists

• CINS Score

• Malshare

• Blocklist.de

• Talos Intelligence

• Spamhaus SBL

• HoneyDB Threats

• Cybercrime Tracker

• InQuest Labs

• YETI Platform

• Maltiverse

• FilterLists

• Tracker Radar by DuckDuckGo

• EasyList

• Blocklist Project Lists

• StevenBlack's Hosts

• DSI Blacklists

• AdGuard Filters

• FireBog

• Blocklist Project Lists

• OISD Blocklist

• Spootle Blocklist

• v.firebog.net Hosts

• Zeltser Malicious IP Blocklists

• Lightswitch05 Hosts

• StevenBlack Hosts

• NextDNS Metadata

• Someone Who Cares Hosts

• hagezi DNS Blocklists

• Nginx Bad Bot Blocker

• CrowdSec

• IPsum

• GeoIP Blocking with Firewalld

• StrictBlockPAllebone

GitHub Repos and Mind Maps

• Awesome Threat Intelligence

• Awesome Threat Detection Resources

• Open Source Tools for CTI

• Threat Intelligence MindMap

Abuse.ch

• MalwareBazaar

• Feodo Tracker

• SSL Blacklist

• URLhaus

• ThreatFox

• Yaraify

Cyber Threat Intelligence Top Resources

1. Open-source tools for Cyber Threat Intelligence (CTI)

2. ETDA Thailand APT Groups + ETDA Thailand APT Tools

3. Malware Analysis Insights - Adversaries

4. SOS Intelligence

5. MISP Galaxy

6. Lockheed Martin Cyber Kill Chain®

7. Vectr

CrowdStrike

• CrowdStrike Adversaries

• CrowdStrike Falcon Intelligence

• CrowdStrike Falcon Intelligence Recon

Anomali

• Anomali STAXX

• Anomali Cyber Watch

• Anomali ThreatStream

MITRE ATT&CK

Tidal Cyber

• Tidal Cyber

• Tidal Cyber Threat Groups

• Tidal Cyber Threat Profiling

Groups

1. SecureWorks Threat Profiles

2. Palo Alto Networks Unit 42 Playbook Viewer

3. Strangereal Intelligence - EternalLiberty

4. Dragos Threat Groups

5. Threat Group Cards (PDF)

ZoneFiles

• ZoneFiles Detailed Domain Lists

• ZoneFiles Compromised Domain List

• ZoneFiles Compromised IP List

Databases & Collections

1. Adversary Monikers - EternalLiberty

2. Campaign Monitor - APT CyberCriminal Campagin Collections

3. Mapping APT attacks - Exploring APT Campaigns

4. Adversary and Malware DB - Malpedia

5. Kaspersky APT list - Securelist

6. Cyber Operations Tracker - CFR

7. Threat Actor Map

8. APT WORLD MAP

9. APT Groups and Operations - Google Sheets

10. APT campaigns - Google Sheets

11. Russian APT ecosystem

12. National Security Archive - Kumu

13. Open Source Tools used by APTs - Intezer

14. APT Notes part I - GitHub

15. APT Notes part II - GitHub

16. APT Notes - GitHub

17. RedDrip7 APT tools - GitHub

18. RedDrip7 APT map - Qianxin Threat Intelligence Center

19. Carnegie Endowment for International Peace - Special Projects

Intelligence Agency and Security Services Internal Structure

• China: Chinese Cyber Operations Groups

• USA: US Cyber Operations Groups

• Russia: Russia's Cyber Operations Groups

• Iran: Iran Cyber Operations Groups

• EU: EU Cyber Operations Groups

• North Korea (DPRK): North Korea (DPRK) Cyber Operations Groups

APT researchers on Twitter

• ShadowChasing1

• Arkbird_SOLG

• cyberwar_15

• RedDrip7

• AnonySecAgency

• cyber__sloth

• blackorbird

• Rmy_Reserve

• h2jazi

• blackorbird

• _thespis

• DeadlyLynn

• 0xrb

• InQuest

• cyberoverdrive

• unpacker

• lazarusholic

CVEs / Exploits

• CISA Known Exploited Vulnerabilities Catalog

• CVExploits

• AttackerKB Activity Feed

• In The Wild

• CXSecurity WLB - CXSecurity Exploit

• Linux Kernel CVEs

• Feedly CVE

• ScanFactory CVEmoN

• Vuls

• Vulners

• ExploitAlert

• 0day Today

• KitPloit Exploits

• Exploit Database

• Exploit PH

• ZeroDay HITCON

• Rapid7 DB

• Seebug

• Sploitus

• VulDB

• Vulnerability Lab

• Vulmon

• CVETrends

• CVE Mitre

• CVE Circl

• CVE Stalker

• Snyk Security

• Mend Vulnerability Database

• Synapsint

• Aqua Security Vulnerability Database

• Zero Day Initiative Advisories

• Google Project Zero Issues

• Vulnerability Lab

• Red Hat Security Updates

• Cisco Security Advisories

• Microsoft Update Guide

• Google Sheets - Vulnerabilities

• OpenCVE

Breaches

• Expert Insights - Dark Web Monitoring Reviews

• Cyber Sixgill

• Breach Directory

• CyberNews - Personal Data Leak Check

• DDoS Secrets Wiki Categories

• Dehashed

• Have I Been Pwned

• IntelX

• LeakCheck

• Leak Lookup

• Leak Peek

• Nuclear Leaks

• PSBDMP - Pastebin Search

• Scattered Secrets

• Snusbase

• HackCheck.io

• Dark Tracer

• Dark Owl

• ReliaQuest - Dark Web Monitoring

• Rapid7 Threat Command

• Mozilla Firefox Monitor

• Dehashed

• IDStrong - Dark Web Monitoring

• Identity Guard Dark Web Scan

• ImmuniWeb Dark Web Exposure Monitoring

• Flare Identity Dark Web Monitoring

DarkWeb Resources

• DarkWeb GitHub Repository

• Safe Browsing on Dark Web

• Exploring the Dark Side: OSINT Tools and Techniques for Unmasking Dark Web Operations

• Breadcrumbs Dark Web Monitoring

• DarkScrape OSINT Tool for Scraping Dark Websites

Malware Information Sharing Platform (MISP)

• MISP Project

• MISP Training

• MISP Playbooks

• MISP Documentation (PDF)

• Best Practices in Threat Intelligence (PDF)

• Galaxy - Threat Intelligence Taxonomy (PDF)

• MISP Taxonomies (PDF)

• MISP Objects (PDF)