OpenCTI Integration Feeds Library

• Damian Skeeles

  Threatview.io - C2 Hunt Feed

  July 08, 2025
  Threat Intelligence

  Detection & prevention sources

  CobaltStrike

  A list of CobaltStrike Infrastructure from https://threatview.io/Downloads/High-Confidence-CobaltStrike-C2 -Feeds.txt

  PUBLISHED
• Lucas Guiglionia

  LolBas Project

  July 08, 2025
  Data library import

  LolBas

  Ingest the LOLBAS Project CSV file into OpenCTI, mapping living-off-the-land binaries as tools with contextual metadata.

  PUBLISHED
• Nicolas Quintin

  Dan.me.uk (All TOR nodes)

  July 08, 2025
  Detection & prevention sources

  Ingest IPs: The IP list provided by dan.me.uk contains addresses known to be used by TOR nodes. These nodes are often hosted on cloud infrastructure or by hosting providers such as AWS, Azure, Hetzner, and others.

  PUBLISHED
• Jean-Philippe Salles

  Dan.me.uk (EXIT Nodes only)

  July 08, 2025
  Detection & prevention sources

  Ingest IPs: The IP list provided by dan.me.uk contains addresses known to be used by TOR nodes. This list contains only IPs linked to EXIT nodes of the TOR infrastructure.

  PUBLISHED
• Damian Skeeles

  Emerging Threats Blockrules Compromised IPs

  July 07, 2025
  Threat Intelligence

  Detection & prevention sources

  Proactive Security

  This text feed and mapper ingests recently reported compromised IPs from https://rules.emergingthreats.net/blockrules/compromised-ips.txt

  PUBLISHED
• Damian Skeeles

  Threatview.io - Bitcoin Address Intel 

  July 06, 2025
  Threat Intelligence

  cryptocurrency

  A list of malicious Cryptocurrency Wallets from https://threatview.io/Downloads/MALICIOUS-BITCOIN_FEED.txt

  PUBLISHED
• Nicolas Quintin

  Spamhaus DROP list

  July 06, 2025
  Detection & prevention sources

  Ingest IPs with SBL record ID in description: The Spamhaus DROP list (Don't Route Or Peer) is a list of IP address ranges controlled by threat actors and used exclusively for malicious activity, such as spam, malware distribution, and botnet operati

  PUBLISHED
• Damian Skeeles

  James Brine Threat Feed Endpoint

  July 04, 2025
  Threat Intelligence

  Detection & prevention sources

  A list of IPs observed attempting brute force attacks, from https://jamesbrine.com.au/csv

  PUBLISHED
• Jermain Njemanze

  Blocklist.de

  July 04, 2025
  Threat Intelligence

  stream consumer sources

  This CSV feed and mapper ingests the latest IP addresses reported on www.blocklist.de

  PUBLISHED