Open Threat Intelligence Platform

Malware intelligence, aggregated and actionable

MalwareIntel aggregates, normalizes and visualizes threat intelligence from 70+ public feeds. Built for SOC analysts, threat hunters and incident response teams who need fast context.

6 entities, one knowledge graph

Every piece of intelligence is connected. Families to actors, actors to campaigns, campaigns to TTPs, TTPs to D3FEND mitigations.

Malware Families: 4,200+
LockBit 3.0, Emotet, RedLine, Cobalt Strike
Threat Actors: 174
APT28, Lazarus, FIN7, Cl0p
TTPs (ATT&CK): 697
T1566 Phishing, T1055 Process Injection
IOCs: 273K+
IPv4, SHA256, FQDN, URL, JA3, CVE
Detection Rules: 3,600+
Sigma (3,132) + YARA (500)
D3FEND Mitigations: 270
D3-NM, D3-SCF, D3-BA, D3-OAM

Everything you need for defensive intelligence

From raw IOCs to actionable threat context. MalwareIntel connects the dots between families, actors, campaigns and mitigations.

Knowledge Graph
Interactive force-directed graph connecting malware families, actors, campaigns, TTPs and IOCs. Explore complex relationships at a glance.
MITRE ATT&CK Mapping
Full ATT&CK heatmap with automatic TTP extraction from 70+ feeds. Each technique links to its D3FEND countermeasures.
IOC Search & Export
Search any indicator (IP, hash, domain, URL, JA3) with automatic type detection. Export as CSV or STIX 2.1 for your SIEM.
70+ Intelligence Feeds
Automated ingestion from MalwareBazaar, ThreatFox, Feodo Tracker, OTX, MISP, CISA KEV, Malpedia and 60+ more. Deduplication and normalization included.
Risk Scoring
Multidimensional D1-D5 score per family: IOC confidence, recency, actor sophistication, sector coverage and CVE severity.
Semantic Search
Natural language queries over vector embeddings. Find families by behavior, not just exact keywords.

70+ public feeds, one platform

Automated ingestion with deduplication, normalization, confidence scoring and automatic family linking.

Built for security teams

SOC Analyst
Look up any IOC in seconds. Instant context: family, expected TTPs, mitigations to apply. Confidence scoring tells you how much to trust each indicator.
Threat Hunter
Explore the knowledge graph to discover connections between actors, families and campaigns. Semantic search by behavior. Export STIX 2.1 bundles for your TIP.
CISO / IR Lead
Dashboard with trending families in your sector. Risk scoring for the most dangerous active threats. Feed health monitoring so your pipeline never goes stale.

Self-hosted. Your data stays yours.

Deploy on your infrastructure. No cloud dependencies, no vendor lock-in. ENS Alto, NIS2 and GDPR compliant. All intelligence is processed and stored in your environment.

$ docker compose up -d
Creating malwareintel-db-1 ... done
Creating malwareintel-redis-1 ... done
Creating malwareintel-qdrant-1 ... done
Creating malwareintel-backend-1 ... done
Creating malwareintel-worker-1 ... done
Creating malwareintel-frontend-1 ... done
$ malwareintel ingest --all
Ingesting 13 feeds... 47,832 IOCs processed.

Open Source Threat Intelligence for Security Teams

MalwareIntel is a free cyber threat intelligence platform for SOC analysts, threat hunters and incident response teams. We aggregate data from 70+ public sources including MalwareBazaar, ThreatFox, MITRE ATT&CK, Malpedia and European CERTs (CERT-FR, NCSC-UK, BSI, CERT-UA) to provide a unified view of the threat landscape.

Search across 273,000+ indicators of compromise, explore relationships between malware families and threat actors with our interactive Knowledge Graph, and access 3,600+ detection rules (Sigma + YARA) and 7,600+ public exploits. Every family is mapped to MITRE ATT&CK techniques with D3FEND defensive mitigations and downloadable detection packages.

Our blog features 300+ technical articles on ransomware analysis, rootkits, actor profiles and reverse engineering. All content is free without registration. Premium plans unlock API access, CSV/STIX export, custom monitors and real-time alerts.

Start building your threat intelligence picture

Informational platform for defense. No binaries, no payloads. Just actionable intelligence to protect your organization.
