OpenCTI Integration Feeds Library

Damian Skeeles
Threatview.io - C2 Hunt Feed
July 24, 2025
Threat Intelligence
Detection & prevention sources
CobaltStrike
A list of CobaltStrike Infrastructure from https://threatview.io/Downloads/High-Confidence-CobaltStrike-C2 -Feeds.txt
PUBLISHED
Nicolas Quintin
Dan.me.uk (All TOR nodes)
July 16, 2025
Detection & prevention sources
Ingest IPs: The IP list provided by dan.me.uk contains addresses known to be used by TOR nodes. These nodes are often hosted on cloud infrastructure or by hosting providers such as AWS, Azure, Hetzner, and others.
PUBLISHED
Nicolas Quintin
Spamhaus DROP list
July 16, 2025
Detection & prevention sources
Ingest IPs with SBL record ID in description: The Spamhaus DROP list (Don't Route Or Peer) is a list of IP address ranges controlled by threat actors and used exclusively for malicious activity, such as spam, malware distribution, and botnet operati
PUBLISHED
Jean-Philippe Salles
Dan.me.uk (EXIT Nodes only)
July 16, 2025
Detection & prevention sources
Ingest IPs: The IP list provided by dan.me.uk contains addresses known to be used by TOR nodes. This list contains only IPs linked to EXIT nodes of the TOR infrastructure.
PUBLISHED
Lucas Guiglionia
LolBas Project
July 16, 2025
Data library import
LolBas
Ingest the LOLBAS Project CSV file into OpenCTI, mapping living-off-the-land binaries as tools with contextual metadata.
PUBLISHED
Jermain Njemanze
Blocklist.de
July 16, 2025
Threat Intelligence
stream consumer sources
This CSV feed and mapper ingests the latest IP addresses reported on www.blocklist.de
PUBLISHED
Damian Skeeles
James Brine Threat Feed Endpoint
July 16, 2025
Threat Intelligence
Detection & prevention sources
A list of IPs observed attempting brute force attacks, from https://jamesbrine.com.au/csv
PUBLISHED
Damian Skeeles
Emerging Threats Blockrules Compromised IPs
July 16, 2025
Threat Intelligence
Detection & prevention sources
Proactive Security
This text feed and mapper ingests recently reported compromised IPs from https://rules.emergingthreats.net/blockrules/compromised-ips.txt
PUBLISHED
Damian Skeeles
Threatview.io - Bitcoin Address Intel
July 16, 2025
Threat Intelligence
cryptocurrency
A list of malicious Cryptocurrency Wallets from https://threatview.io/Downloads/MALICIOUS-BITCOIN_FEED.txt
PUBLISHED

OpenCTI Integration Feeds Library | XTM Hub by Filigran