Threat Intel Catalog
Every routable page in the threat-intel area — 124 pages across 17 hubs. Search by name, route, or keyword, or filter by category. New pages are added to the home page and the sidebar automatically.
Actors & Threat Groups · 11
Threat-actor profiles, attribution, DNA, timelines, and APT tracking.
Actor Directory
Unified actor browser — MITRE ATT&CK, MISP Galaxy, and platform DB.
/threatintel/actors/directory
Actor Timeline
Posting activity and operational tempo per actor.
/threatintel/actors/timeline
Actor DNA
TTP signatures and infrastructure fingerprints.
/threatintel/actors/dna
Actor Usernames
Search forum handles across 2M+ records.
/threatintel/actors/usernames
Attribution Framework
Attribution framework and analysis.
/threatintel/actors/attribution
Threat Actor Catalog
Curated profiles — aliases, countries, malware, TTPs.
/threatintel/actors/catalog
Actor Graph
Visualize actor → actor → IOC connections.
/threatintel/actors/graph
APT Tracker
APT group tracker organised by region — China, Russia, Iran, North Korea, NATO, Middle East, Israel.
/threatintel/apt-tracker
Most Wanted Actors
Top-priority threat actors — LockBit, Cl0p, Scattered Spider, BlackCat, and other high-impact groups.
/threatintel/most-wanted
Extremist Groups
Ideology-driven extremist group tracking with indicators and monitoring sources.
/threatintel/extremists
Online Predators
Online predator categories, regional risk, and intervention resources.
/threatintel/predators
Campaigns & Briefings · 5
Active and historical campaigns, attribution, briefings, and assessments.
Active Campaigns
Active campaign tracker with status, severity, and IOC rollups.
/threatintel/campaigns/active
Campaign Lifecycle
Discovery → exploitation → actions on objectives.
/threatintel/campaigns/lifecycle
Campaign Generator [new]
AI-powered campaign generation for tabletop exercises.
/threatintel/campaigns/generator
Cross-Campaign
Find connections across campaigns, actors, and IOCs.
/threatintel/campaigns/cross
Daily & Weekly Briefings
Tactical digests with IOCs, severity, and detection guidance.
/threatintel/briefings
IOCs & Threat Intel · 10
Live indicator streams, enrichment, C2 tracking, and supply-chain intel.
Live IOC Stream [live]
Real-time IOC feed from 12+ providers — IP, domain, hash, URL.
/threatintel/iocs/live
IOC Enrichment
Pivot and enrich any indicator across VT, AbuseIPDB, Shodan, OTX.
/threatintel/iocs/enrichment
IOC Feeds
Structured indicator feeds ready for SIEM, EDR, or CTI ingestion.
/threatintel/iocs/feeds
Entity Resolution
Resolve entities across intel sources — actor, malware, campaign.
/threatintel/iocs/entity
C2 Tracker [live]
Live C2 infrastructure tracker — Cobalt Strike, Sliver, Mythic, 30+ families.
/threatintel/iocs/c2
Threat Map
Geo-visualization of IOCs by country and ASN.
/threatintel/iocs/map
Cross-Correlate
Cross-source IOC correlation — single-feed vs multi-feed confidence.
/threatintel/iocs/cross
IOC Correlation
IOC correlation analysis with timeline.
/threatintel/iocs/correlation
Aggregated Feeds
Aggregated feed browser — what each provider ships.
/threatintel/iocs/aggregated
Observable DB
Every indicator seen, with provenance.
/threatintel/iocs/observable
CVEs & Vulnerabilities · 3
CVE intel, KEV catalog, GitHub advisories, and exploit tracking.
CVE Intel
Unified CVE intelligence — NVD + KEV + EPSS + exploit availability.
/threatintel/cves/cves
GitHub Advisories
GitHub security advisories with affected versions and patches.
/threatintel/cves/advisories
CVE Resources
CVE resource catalogs — patch priority, exploit DB, vendor bulletins.
/threatintel/cves/resources
Malware & Samples · 6
Malware IOCs, sandbox, sample vault, malicious packages, and family encyclopedia.
Malware IOCs
Malware IOC feeds across 50+ families.
/threatintel/malware/iocs
Malware Vault
Malware sample vault with hashes and metadata.
/threatintel/malware/vault
Malware Sandbox [new]
Hash lookup across 10+ sandbox platforms — consensus verdict.
/threatintel/malware/sandbox
Malicious Packages
Malicious package tracking — npm, PyPI, RubyGems, Maven, NuGet.
/threatintel/malware/packages
Malpedia
Malpedia malware encyclopedia — families, YARA, references.
/threatintel/malware/malpedia
Maltrail Trails
Maltrail detection trails for known malware.
/threatintel/malware/maltrail
Feeds & Sources · 7
Feed catalog, sources, quality, scheduler, and reliability tracking.
Feed Catalog
Feed file browser with format and sample preview.
/threatintel/feeds/catalog
Feed Sources
Feed source registry with enabled/disabled state.
/threatintel/feeds/sources
Feed Quality
Feed quality metrics — freshness, accuracy, FP rate.
/threatintel/feeds/quality
Feed Scheduler
Feed scheduling and orchestration — cron, retry, backoff.
/threatintel/feeds/scheduler
Threat Feeds [live]
Curated threat intelligence feeds from 50+ providers.
/threatintel/feeds/threatfeeds
My Threat Intel
My curated threat-intel feed — personal bookmarks and follows.
/threatintel/feeds/mythreatintel
Source Health
Operational status, SLO metrics, and NATO Admiralty trust grades for every upstream feed.
/threatintel/source-health
Social & Live Feeds · 6
Telegram, X/Bluesky, Reddit, and crypto-scam streams.
Social Firehose [live]
Multi-platform social media firehose.
/threatintel/social/firehose
Tech & AI News
Tech and AI news aggregation.
/threatintel/social/news
Crypto Scam Feed [live]
Crypto scam feed — wallet addresses, drainers, phishing sites.
/threatintel/social/crypto-scam
Telegram Intelligence Hub [new]
Unified Telegram CTI workspace — free cross-source search, KPIs, and entry points to all Telegram surfaces (leak monitor, IOC pipeline, channel discovery, settings).
/threatintel/telegram
Telegram Leak Monitor [live]
Telegram Intelligence Hub — 7 tabs: firehose (merged cross-source stream), leak feed, channel search (tgstat-backed), statistics, channel discovery, linked actors (channel → MITRE pivot), and settings.
/threatintel/telegram-monitor
Telegram IOC Pipeline [new]
Telegram-leaked IOCs flowing into the cross-source consensus — hashes, IPs, domains, CVEs, URLs from monitored channels (7-day window).
/threatintel/telegram-iocs
Dark Web & Cybercrime · 14
Dark-web monitoring, ransomware activity, breach forums, and infostealer logs.
Dark Web Watch
Dark-web monitoring dashboard.
/threatintel/darkweb/watch
Darknet Markets Timeline
Darknet market timelines — Empire, Genesis, Hydra successors.
/threatintel/darkweb/markets
Breach Forums
Breach forum tracker — posts, threads, user activity.
/threatintel/darkweb/forums
DeepDarkCTI
DeepDark CTI sources — vetted onion feeds.
/threatintel/darkweb/deepdark
Cybercrime
Cybercrime ecosystem intelligence — actors, services, pricing.
/threatintel/darkweb/crime
Physical Bitcoin Attacks
Physical Bitcoin attack tracking — wrench attacks, kidnappings.
/threatintel/darkweb/bitcoin
Infostealer Logs [live]
Infostealer log analysis — credentials, cookies, system fingerprints.
/threatintel/darkweb/infostealer
Secret Leaks [live]
Secret and credential leak monitoring across paste sites.
/threatintel/darkweb/leaks
Breach Disclosures
Breach disclosure feed — official statements and regulatory filings.
/threatintel/darkweb/disclosures
Ransom Report
Per-group ransomware CTI dossier — TTPs, victims, demands.
/threatintel/darkweb/ransom-report
Ransomware Activity [live]
Live ransomware activity feed — new victims, leak posts.
/threatintel/darkweb/ransom-activity
Ransomware Map
Ransomware victim geo map — country, sector, group.
/threatintel/darkweb/ransom-map
Ransomwhere
Crypto wallet directory tied to known ransom groups.
/threatintel/darkweb/ransomwhere
ransomware.live PRO
Authenticated PRO surface — victim stats, recent cyberattacks, negotiations, and YARA packs.
/threatintel/ransomware-live
Phishing & Email Defense · 3
Phish feed, wordlists, scam watch, and email-defense analysis.
Phish Feed [live]
Phishing feed aggregation — fresh URLs and lure analysis.
/threatintel/phishing/phish
Phishing Wordlists
Phishing hunting wordlists — brand, gift-card, sextortion, BEC.
/threatintel/phishing/urls
Scam Watch
Scam watch and monitoring — pig-butchering, romance, investment.
/threatintel/phishing/scam
Infrastructure & Cloud · 4
Cloud threat landscape, infrastructure intel, web assets, and domain monitoring.
Cloud Threat Landscape
Cloud threat landscape — AWS, Azure, GCP, Kubernetes, SaaS.
/threatintel/infra/cloud
Infrastructure Intel
Infrastructure intelligence — ASN, IP, certificate, hosting pivots.
/threatintel/infra/infra
Webamon
Web asset monitoring — external footprint, exposed services, drift detection.
/threatintel/infra/webamon
Domain Monitor
Domain monitoring — typosquats, lookalikes, certificate transparency.
/threatintel/infra/domain
Detection & Response · 4
Detection rules, ATT&CK mapping, YARA, and threat signal feeds.
Detection Rules
Detection rule catalog — Sigma, YARA, Suricata, KQL.
/threatintel/detections/detections
DISARM Framework
DISARM red-team framework mapping.
/threatintel/detections/disarm
YARA Hub
YARA rule hub — community and curated rules.
/threatintel/detections/yara
Threat Signal RSS
Threat-signal RSS feed with auto-classified indicators.
/threatintel/detections/signal
Research & Reports · 12
Research posts, intelligence reports, write-ups, and external research.
Research Index
Long-form research posts and deep-dive analyses.
/threatintel/research-hub/research
Threat Intel Reports
Original research reports with IOCs, detections, severity scoring.
/threatintel/research-hub/reports
AI Reports [new]
AI-generated research reports from LLM analysis.
/threatintel/research-hub/ai
Write-ups
Security write-ups and post-mortems.
/threatintel/research-hub/writeups
Research Signal
Research-signal feed — what changed since last visit.
/threatintel/research-hub/signal
RedHunt Insights
RedHunt Labs threat-intel insights.
/threatintel/research-hub/redhunt
RedHunt Labs Research
RedHunt Labs research feed.
/threatintel/research-hub/redhunt-labs
Volexity Threat Intel
Volexity threat-intelligence posts.
/threatintel/research-hub/volexity
Research Post
Individual research post (template page).
/threatintel/research-hub/post
Attack Flow Library
ATT&CK attack-flow library with reusable patterns.
/threatintel/research-hub/attack-flow
Knowledge Graph
Knowledge graph of actors, malware, campaigns, IOCs.
/threatintel/research-hub/knowledge
ACH
Analysis of Competing Hypotheses.
/threatintel/research-hub/ach
Knowledge & Frameworks · 7
Wiki, MITRE ATT&CK, F3EAD, insider threat, OWASP AI, and LLM atlas.
Threat Intel Wiki
Long-form articles on Telegram OSINT, dark-web monitoring.
/threatintel/wiki/wiki
MITRE ATT&CK
MITRE ATT&CK matrix with technique pivots.
/threatintel/wiki/mitre
F3EAD
F3EAD intelligence workflow framework.
/threatintel/wiki/f3ead
Insider Threat Matrix
Insider threat matrix and detection guidance.
/threatintel/wiki/insider
OWASP AI Landscape
OWASP AI security landscape and LLM top-10.
/threatintel/wiki/owasp
LLM Threat Atlas
MITRE ATLAS — LLM/AI threat atlas.
/threatintel/wiki/llm
About the Platform
What is covered, data principles, and the analyst-first design intent behind the surface.
/threatintel/about
OSINT · 6
OSINT frameworks, CLI tools, country map, and curated toolbox.
OSINT Framework
OSINT framework browser — 70+ tools organized by category.
/threatintel/osint/framework
OSINT CLI Tools [new]
Curated CLI tools — username, email, domain, social, recon.
/threatintel/osint/cli
OSINT Country Map
Country-based OSINT map — sources by jurisdiction.
/threatintel/osint/map
Curated Toolbox
Curated security toolbox — hand-picked, vetted, well-maintained.
/threatintel/osint/toolbox
Free Cert Courses [new]
Syberseeker’s start.me hub of free certification tracks — security, cloud, blue team, OSINT, GRC.
/threatintel/osint/certs
SecOps Tools
SecOps tools catalog — SIEM, EDR, SOAR, log shippers.
/threatintel/osint/secops
Tools & Utilities · 9
AI copilot, MCP search, MISP, STIX, investigations, and watches.
Threat Intel Copilot [new]
AI copilot — ask, pivot, summarize, draft.
/threatintel/tools/copilot
Copilot Chat
Direct chat interface for the threat-intel copilot.
/threatintel/tools/copilot-chat
MCP Search
MCP (Model Context Protocol) tool search.
/threatintel/tools/mcp
MISP Browser
MISP galaxy and event browser.
/threatintel/tools/misp
STIX Bundle Browser [new]
Browse and download STIX 2.1 bundles for OpenCTI, MISP, etc.
/threatintel/tools/stix
Investigations
Investigation case manager — open, closed, shared.
/threatintel/tools/investigations
Watches
Watch lists — actor, indicator, keyword, and saved searches.
/threatintel/tools/watches
Unified Search
Cross-source search across the entire platform.
/threatintel/tools/unified-search
Integrations & Settings
What integrations are wired in and what capability each one unlocks for the platform.
/threatintel/tools/settings
External Resources · 3
External directories, supply-chain intel, and awesome lists.
External Resources
Off-site cross-references — dashboards, OSINT directories, training labs.
/threatintel/external/external
Supply Chain Intel
Supply chain intelligence — SolarWinds, 3CX, MOVEit, XZ Utils.
/threatintel/external/supply
Awesome Lists
Curated awesome-security list — vetted, ranked, kept current.
/threatintel/external/awesome
Predictive & Dashboards · 14
Intel dashboard, predictions, metrics, and predictive analysis.
Intel Dashboard
Top-level intel dashboard — key stats, trending, top actors.
/threatintel/predictive/dashboard
Global Pulse [live]
Live 3D globe — 700+ events across 21 layers.
/threatintel/predictive/global-pulse
Threat Pulse [live]
Threat-pulse tracking — actor activity, campaign spikes, geo shifts.
/threatintel/predictive/threat-pulse
CertStream [live]
Certificate transparency live feed.
/threatintel/predictive/certstream
PIR Dashboard
Priority Intelligence Requirements dashboard.
/threatintel/predictive/pir
Metrics
Ten-panel metrics board.
/threatintel/predictive/metrics
Analytics & Ops
Platform health, feed reliability, and intel metrics.
/threatintel/predictive/analytics
Predictions
Forward-looking threat predictions with confidence.
/threatintel/predictive/predictions
Predictive Intel
AI-driven threat forecasting from current trends.
/threatintel/predictive/predictive
Analyze
Intelligence analysis workspace.
/threatintel/predictive/analyze
Assessments
Security assessments and risk scoring.
/threatintel/predictive/assessments
Observe [live]
Observation dashboard — what is happening right now.
/threatintel/predictive/observe
SOC Dashboard
Unified tactical SOC view — ransomware, vulnerabilities, and IOC stream panels.
/threatintel/soc-dashboard
Live Center — Web OSINT
Browser-based live OSINT tools with install, example, and reference URL per tool.
/threatintel/live-center