Threat Intelligence

Our threat intel is made available through our threat intel platform (MISP), which can be accessed via web, API, or MISP Sync. The intel can be exported to txt, csv, STIX, MISP, etc. as needed for import into your IDS, SIEM, EDR, SOAR, etc. We can provide assistance if you need help setting this up in your environment.

Threat Feed

We track infrastructure related to Cobalt Strike, BumbleBee, IcedID, PoshC2, BianLian, Covenant, Metasploit, Empire, Meterpreter stagers and more. We are continually adding and removing frameworks as they pop up or get taken down.

This feed consists of lists of IP addresses that can be used to detect egress traffic. Due to our methods, we have a very low false positive rate and are able to validate each IP at least daily.

Threat Feed + Ports

This service consists of the Threat Feed as mentioned above, plus the port(s) we detected the C2 framework on. This can be used to improve detection based on IP + Port. This service is coming soon as it’s currently part of the All Intel offering.

All Intel

This service includes all of the above plus private mini reports, private phishing and exploit events, long-term infrastructure, Cobalt Strike config & beacons, OSINT linking, malware tagging, ransomware association, and other curated intel.


Pricing is dependent on use:

  • internal use – protecting your company or organization
  • multi-org use – protecting multiple companies or organizations
  • commercial – protecting your company's or organization's customers

Please Contact Us for pricing and/or questions. We look forward to helping you protect your organization.