Anomali supports two Well-Fed Intelligence DGA feeds from Bambenek Consulting. These feeds track 53 families of malware and about one million malicious domains using Domain Generation Algorithms. Created hourly with resolution, domain, IP and nameserver info. This channel is a list of all actively resolving and non-whitelisted domains.

BforeAI is a leader in predictive security solutions helping organizations prevent intrusions and data exfiltration by predicting vectors of future attacks. The information is used in PreCrime™ - predictive cyber threat intelligence that enhances existing security solutions (firewalls, DNS resolvers, anti-phish filters, proxies, etc.) with foresight. BforeAI's patented AI technology combined with hyperscale observation infrastructure and modern APIs augment customers' security postures with predictions.

Bitdefender Reputation Threat Intelligence Feeds & Services represents a broad portfolio of real-time, highly curated threat data, covering a wide area of IoCs, including all typology of malicious domains, IPs, URLs, filehashes, and known vulnerabilities. Available feeds contain dedicated IoCs for Command and Control (C2), mobile malware, ransomware, and phishing/fraud.

Certego Data Feeds provide EU and Italy-focused threat intelligence, categorizing malicious IPs and domains by type and reliability. Powered by Quokka, they deliver real-time insights, block threats, and improve efficiency for MDR and MSSP services.

Cisco® Secure Malware Analytics (formerly Threat Grid) combines two of the leading malware protection solutions: unified malware analysis and context-rich intelligence. It empowers security professionals to proactively defend against and quickly recover from cyber attacks. Secure Malware Analytics crowd-sources malware from a closed community and analyzes all samples using proprietary, highly secure techniques that include static and dynamic (sandboxing) analysis. It correlates the results with hundreds of millions of other analyzed malware artifacts to provide a global view of malware attacks, campaigns, and their distribution. Security teams can quickly correlate a single sample of observed activity and characteristics against millions of other samples to fully understand its behaviors in a historical and global context.

Cyberint's digital risk protection enhances threat intelligence using IOCs from OSINT and deep-dark-web sources. It offers a query API and daily feed to enrich security tools, blacklists, and threat intelligence with detailed indicators and scores.

Accelerate time-to-intel with Cybersixgill's best-in-market threat intelligence from the deep and dark web. Cybersixgill's premium underground intelligence collection capabilities, real-time collection, and advanced warning about IOCs will help you keep your edge against unknown threats.

‍

Dataminr Pulse for Cyber Risk brings the leading AI-powered real-time alerting into Anomali, easily fitting into your workflows and enabling rapid identification and mitigation of emerging threats so you can deliver faster time to detection and response.

‍

‍

Enhance detection and blocking of dangerous infrastructure with the Domain Hotlist, powered by DomainTools® Risk Score. Updated daily with high-risk domains for blocking rules.

The Feedly integration with Anomali ThreatStream provides a simple way to ingest articles and threat intelligence reports discovered in Feedly. The integration ingests full article content and insights discovered by Feedly AI, such as IoCs and the relationships between threat actors, malware, TTPs, and CVEs.

Flashpoint is the pioneering leader in threat data and intelligence. We empower commercial enterprises and government agencies to decisively confront complex security challenges, reduce risk, and improve operational resilience amid fast-evolving threats. Through the Flashpoint Ignite platform, we deliver unparalleled depth, breadth, and speed of data from highly relevant sources, enriched by human insights. Our solutions span cyber threat intelligence, vulnerability intelligence, geopolitical risk, physical security, fraud, and brand protection. The result: our customers safeguard critical assets, avoid financial loss, and protect lives.

Identify infected devices, bots & malware. Prevent DDoS, unauthorized logins, network breaches & more. Endpoint data gathered from 640 million users monthly via JavaScript sensors placed on 12 million URLs.

GreyNoise's integration with Anomali ThreatStream helps security analysts save time by revealing which events they can ignore. GreyNoise's data is a curation of IPs that saturate security tools with noise, like mass-internet scanners and harmless business services. This unique perspective helps analysts confidently ignore irrelevant or harmless activity, creating more time to uncover and investigate true threats.

Users can also enrich against GreyNoise to reduce observables created by mass-internet scanning and create more time to investigate targeted attacks. This enrichment provides context into IP behavior: intent, tags, first seen, last seen, geo-data, ports, OS and JA3. Advanced features showing timeline and similarity based information is available for users with those subscription features.

‍

X-Force Premier Threat Intelligence contains the latest threat information findings across X-Force investigations and research. You get OSINT Advisories, Malware Analysis reports, Threat Group profiles, and Threat Activity indicators.

Most threat intelligence solutions suffer because the data is too hard to standardize and verify. Meta created the ThreatExchange platform so that participating organizations can share threat data using a convenient, structured, and easy-to-use API that provides privacy controls to enable sharing with only desired groups.

PolySwarm seamlessly integrates via API and allows Anomali’s users to obtain file and URL reputation services with a single click, in real-time, from a network of independent malware detection engines. PolySwarm enriches samples with diverse threat indicators and allows threat hunters and SOC analysts to search for and identify relationships between diverse malware families and threat indicators. integration allows users to obtain file and URL reputation services with a single click, in real-time, from a network of independent malware detection engines. PolySwarm summarizes crowdsourced verdicts into a single, authoritative number called PolyScore™, providing the probability a given file contains malware.

RESONANCE by Spider Silk identifies specific threats, data leaks, and vulnerabilities on publicly-accessible assets.

‍

The same actionable threat intelligence you expect from Digital Shadows SearchLight is now built in to the ReliaQuest GreyMatter security operations platform. ReliaQuest GreyMatter can help continuously monitor open, deep, and dark web sources to isolate legitimate threats and provide quick and easy remediation.

‍

Resecurity's live IoC/IoA feed includes malicious activity, threat actors, ransomware, and espionage. Resecurity's intelligence is based on 254 million IPs and Dark Web research.

SEKOIA.IO CTI is a mix of exclusive SEKOIA.IO threat intelligence data coming from C2 trackers, VT trackers, honeypots and refined OSINT data. The threat intelligence provided by SEKOIA.IO is easily actionable within Anomali ThreatStream as it's highly structured in STIX 2.1, fully contextualized and built for detection purposes. SEKOIA.IO CTI subscription includes an API and a web portal access.

‍

The Shadowserver Foundation is a nonprofit organization with an altruistic mission to make the Internet more secure for everyone. Shadowserver provides free daily potential attack surface reports and identifies potential malware and malicious activity relevant to your organization’s network or constituency.

This Spamhaus feed provides comprehensive intelligence on Botnet infrastructure (infected devices and controllers) and Command and Control (C2) infrastructure used in malware distribution and other malicious activities.

Companion threat intelligence feed for SWIFT customers via the SWIFT ISAC. The ISAC, part of the SWIFT CSP, is a dedicated part of swift.com through which SWIFT shares information related to security threats potentially impacting the SWIFT community. This information includes malware details such as file hashes and YARA rules, IoCs, as well as details on the Modus Operandi used by the cyber-criminals.

Anomali ThreatStream supports three intelligence feeds from Team Cymru. The Botnet Analysis & Reporting Service (BARS) feed provides in-depth analysis, tracking, and history of 40+ malware families that utilize unique control protocols and possibly encryption mechanisms. The Controller feed offers near-real-time identification of botnet command and control (C&C) IP addresses (IRC, http, and P2P) built for DDoS, warez, and underground economy to include bot types, passwords, channels, and our insight. The Reputation feed allows subscribers to monitor for infected computers visiting their networks to identify compromised hosts as they access their networks, thus enabling them to monitor or block these infected hosts before they can cause any damage.

ThreatWorx's Attenu8 Threat Intelligence offers machine-curated, AI-enhanced threat and vulnerability intelligence with advanced keyword based filtering and noise reduction.

ThreatBook CTI provides high-fidelity intelligence collected from alerts from real customer cases, using ThreatBook's 99.9% high-fidelity threat intelligence to help enterprises with compromise detection, alarm noise reduction, and focusing on real threats.

Ingest IOCs, malware attributes, threat families, and detailed reports from files, URLs, and emails, submitted to VMRay by CERT, SOC, and CTI teams. VMRay’s automated deep analysis and enrichment of samples produces reliable threat intelligence extraction.