{
	"id": "3a67ee72-d0ec-47b2-be64-5252fec1e544",
	"created_at": "2026-04-06T01:31:33.584024Z",
	"updated_at": "2026-04-10T03:24:29.101772Z",
	"deleted_at": null,
	"sha1_hash": "98f25d6bdfcf370fbae1b2fdce46b53a8e1d9b11",
	"title": "10 of the Best Open Source Threat Intelligence Feeds",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 43106,
	"plain_text": "10 of the Best Open Source Threat Intelligence Feeds\r\nBy Walker Banerd\r\nPublished: 2019-04-30 · Archived: 2026-04-06 00:44:34 UTC\r\nIn our quest to help security operations and incident response teams work more effectively, we’ve created a list of\r\nthe top 10 open source threat intelligence feeds.\r\nEach threat feed listed here integrates seamlessly with our Morpheus AI SOC solution, as do dozens of the top\r\nenterprise and subscription-based threat intelligence platforms.\r\n1. Department of Homeland Security: Automated Indicator Sharing\r\nPrivate companies are able to report cyber threat indicators with the DHS, which are then distributed via the\r\nAutomated Indicator Sharing website. This database helps reduce the effectiveness of simple attacks by exposing\r\nmalicious IP addresses, email senders, and more.\r\n2. FBI: InfraGard Portal\r\nThe FBI’s InfraGard Portal provides information relevant to 16 sectors of critical infrastructure. Private and public\r\nsector organizations can share information and security events, and the FBI also provides information on cyber\r\nattacks and threats that they are tracking.\r\n3. Abuse.ch\r\nSwiss-based abuse.ch, a Bern University project, collaborates with Spamhaus, serving IT experts and law\r\nenforcement. It tracks botnets, operates MalwareBazaar, URLhaus, and YARAify, focusing on malware like\r\nEmotet, Dridex, and malicious SSL certificates, sharing indicators of compromise.\r\n4. SANS: Internet Storm Center\r\nThe Internet Storm Center, formerly known as the Consensus Incidents Database, came to prominence in 2001,\r\nwhen it was responsible for the detection of the “Lion” worm. It uses a distributed sensor network that takes in\r\nover 20 million intrusion detection log entries per day to generate alerts regarding security threats. The site also\r\nprovides analysis, tools, and forums for security professionals.\r\n5. VirusTotal: VirusTotal\r\nVirusTotal uses dozens of antivirus scanners, blacklisting services, and other tools to analyze and extract data from\r\nfiles and URLs submitted by users. The service can be used to quickly check incidents like suspected phishing\r\nemails, and every submission is retained in its database to build a global picture of cyber threats.\r\nhttps://d3security.com/blog/10-of-the-best-open-source-threat-intelligence-feeds/\r\nPage 1 of 2\n\n6. Cisco: Talos Intelligence\r\nThe Talos threat intelligence team protects Cisco customers, but there is a free version of their service available.\r\nTalos’ unmatched tools and experience provide information about known threats, new vulnerabilities, and\r\nemerging dangers. Talos also provides research and analysis tools.\r\n7. VirusShare: VirusShare Malware Repository\r\nVirusShare is an online repository of malware created and maintained by J-Michael Roberts, a digital forensics\r\nexaminer. The site gives researchers, incident responders, and forensic investigators access millions of malware\r\nsamples.\r\n8. Google: Safe Browsing\r\nThe Safe Browsing service identifies dangerous websites and shares the information to raise awareness of security\r\nrisks. Safe Browsing finds thousands of unsafe sites every day, many of which are legitimate sites that have been\r\ncompromised by hackers.\r\n9. National Council of ISACs: Member ISACs\r\nWhile some ISAC feeds are quite expensive, others are free. The National Council of ISACs provides a\r\ncomprehensive list.\r\n10. The Spamhaus Project: Spamhaus\r\nSpamhaus is a European non-profit that tracks cyber threats and provides real-time threat intelligence. Spamhaus\r\nhas developed comprehensive block-lists for known spammers and malware distributors, which they provide to\r\nISPs, email service providers, and individual organizations.\r\nMorpheus AI, D3’s autonomous SOC solution integrates with hundreds of leading SOC tools, including threat\r\nintelligence platforms to automatically enrich alerts and incidents with contextual data. Schedule a demo today to\r\nlearn from one of our SOC automation experts how D3 can seamlessly bring threat intelligence into your security\r\noperations workflows.\r\nSource: https://d3security.com/blog/10-of-the-best-open-source-threat-intelligence-feeds/\r\nhttps://d3security.com/blog/10-of-the-best-open-source-threat-intelligence-feeds/\r\nPage 2 of 2",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"MITRE"
	],
	"references": [
		"https://d3security.com/blog/10-of-the-best-open-source-threat-intelligence-feeds/"
	],
	"report_names": [
		"10-of-the-best-open-source-threat-intelligence-feeds"
	],
	"threat_actors": [
		{
			"id": "aa73cd6a-868c-4ae4-a5b2-7cb2c5ad1e9d",
			"created_at": "2022-10-25T16:07:24.139848Z",
			"updated_at": "2026-04-10T02:00:04.878798Z",
			"deleted_at": null,
			"main_name": "Safe",
			"aliases": [],
			"source_name": "ETDA:Safe",
			"tools": [
				"DebugView",
				"LZ77",
				"OpenDoc",
				"SafeDisk",
				"TypeConfig",
				"UPXShell",
				"UsbDoc",
				"UsbExe"
			],
			"source_id": "ETDA",
			"reports": null
		}
	],
	"ts_created_at": 1775439093,
	"ts_updated_at": 1775791469,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/98f25d6bdfcf370fbae1b2fdce46b53a8e1d9b11.pdf",
		"text": "https://archive.orkl.eu/98f25d6bdfcf370fbae1b2fdce46b53a8e1d9b11.txt",
		"img": "https://archive.orkl.eu/98f25d6bdfcf370fbae1b2fdce46b53a8e1d9b11.jpg"
	}
}