{"id":33245394,"url":"https://github.com/davidonzo/Threat-Intel","last_synced_at":"2026-03-29T21:00:47.171Z","repository":{"id":41176162,"uuid":"185815507","full_name":"davidonzo/Threat-Intel","owner":"davidonzo","description":"Threat-Intel repository. API: https://github.com/davidonzo/apiosintDS","archived":false,"fork":false,"pushed_at":"2024-04-13T06:19:52.000Z","size":7002816,"stargazers_count":137,"open_issues_count":1,"forks_count":14,"subscribers_count":8,"default_branch":"master","last_synced_at":"2024-04-14T02:53:03.629Z","etag":null,"topics":["cybersecurity","cybox","incident-response-service","malware-analisys-lab","misp","misp-feed","osint","stix","stix2","taxii","taxii2","threat-intel","threat-intelligence"],"latest_commit_sha":null,"homepage":"https://osint.digitalside.it","language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/davidonzo.png","metadata":{"files":{"readme":"README.md","changelog":"CHANGELOG.md","contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null}},"created_at":"2019-05-09T14:29:02.000Z","updated_at":"2024-04-15T07:43:51.259Z","dependencies_parsed_at":"2024-02-29T08:29:02.404Z","dependency_job_id":"18d81124-1619-48e7-9a0f-a882063f164e","html_url":"https://github.com/davidonzo/Threat-Intel","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/davidonzo/Threat-Intel","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/davidonzo%2FThreat-Intel","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/davidonzo%2FThreat-Intel/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/davi
donzo%2FThreat-Intel/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/davidonzo%2FThreat-Intel/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/davidonzo","download_url":"https://codeload.github.com/davidonzo/Threat-Intel/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/davidonzo%2FThreat-Intel/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":31164979,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-03-29T18:55:37.765Z","status":"ssl_error","status_checked_at":"2026-03-29T18:55:04.089Z","response_time":89,"last_error":"SSL_read: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["cybersecurity","cybox","incident-response-service","malware-analisys-lab","misp","misp-feed","osint","stix","stix2","taxii","taxii2","threat-intel","threat-intelligence"],"created_at":"2025-11-16T21:00:32.225Z","updated_at":"2026-03-29T21:00:47.166Z","avatar_url":"https://github.com/davidonzo.png","language":"Python","readme":"# DigitalSide Threat-Intel\nThis repository contains a set of Open Source Cyber Threat Intelligence information, mostly based on malware analysis and compromised URLs, IPs and domains.\n\nThe purpose of this project is to develop and test new ways to hunt, analyze, collect and share relevant sets of IoCs to be used by SOC/CSIRT/CERT with minimum effort.\n\n## 
Sharing formats\nThree formats are available to download the reports:\n\n* [MISP](https://www.misp-project.org/) feed and events (retention: 7 days) - [[GO TO]](https://github.com/davidonzo/Threat-Intel/tree/master/digitalside-misp-feed)\n* Structured Threat Information Expression - [STIX™ v2](https://oasis-open.github.io/cti-documentation/stix/intro.html) (retention: 30 days) [[GO TO]](https://github.com/davidonzo/Threat-Intel/tree/master/stix2)\n* Comma Separated Values (retention: 30 days) [[GO TO]](https://github.com/davidonzo/Threat-Intel/tree/master/csv)\n* [Public API](https://apiosintds.readthedocs.io) using [apiosintDS](https://github.com/davidonzo/apiosintDS) library - [[DOCS]](https://apiosintds.readthedocs.io)\n* IoC lists of unique indicators in squid-like format (retention: 7 days) split into:\n* * [URLs](https://osint.digitalside.it/Threat-Intel/lists/latesturls.txt)\n* * [IPs](https://osint.digitalside.it/Threat-Intel/lists/latestips.txt)\n* * [Domains](https://osint.digitalside.it/Threat-Intel/lists/latestdomains.txt)\n* [TAXII2](https://oasis-open.github.io/cti-documentation/resources#taxii-21-specification) server implementation containing STIX2 bundles shared reports (retention: 24 hours) - [[GO TO]](https://osint.digitalside.it/taxiiserver.html)\n* [apiosintDS MISP Module](https://github.com/MISP/misp-modules) available in any up-to-date MISP instance - [[DOCS]](https://apiosintds.readthedocs.io/en/latest/userguidemisp.html)\n\nThe majority of the information is stored in the MISP data format. So the best way to collect data is to subscribe to the [Digitalside-misp-feed](https://osint.digitalside.it/Threat-Intel/digitalside-misp-feed/).\n\nAll sharing formats, except for STIX2.1 reports, are based on the MISP export format. 
**All reports in any format can be consumed by any up-to-date MISP instance**.\n\n## Sharing endpoints\nReports are shared through two sharing endpoints:\n* This repository: you can clone, subscribe and download, managing it with the power of git!\n* [OSINT.DigitalSide.it](https://osint.digitalside.it): you can crawl it for free, and it lets you subscribe to the MISP feed.\n\n## How to subscribe to the [Digitalside-misp-feed](https://osint.digitalside.it/Threat-Intel/digitalside-misp-feed/)\nSince 2019-09-23 the OSINT.digitalside.it MISP feed has been included in the \"Default feeds\" list available in the MISP default installation. The easy way to subscribe to the feed is to select the dedicated activation button.\n\n1. Log in to MISP with a user having the right permissions to manage feeds\n2. Go to `Sync Actions -\u003e List Feeds -\u003e Default feeds`\n3. Find the OSINT.digitalside.it row\n![DigitalSide MISP Feed](https://raw.githubusercontent.com/davidonzo/host/master/list.png)\n4. Select the row and click on the \"Enable selected\" button at the top of the table\u003cbr\u003e\n![List feeds](https://raw.githubusercontent.com/davidonzo/host/master/button.png)\n\nYou can also subscribe to the feed manually, following the instructions below.\n\n1. Log in to MISP with a user having the right permissions to manage feeds\n2. Go to `Sync Actions -\u003e List Feeds -\u003e Add Feed`\n3. 
Add the MISP feed by using the URL https://osint.digitalside.it/Threat-Intel/digitalside-misp-feed/\n\n![DigitalSide MISP Feed](https://raw.githubusercontent.com/davidonzo/host/master/digitalsidemispfeed.png)\n\n## Domain white list and MISP Warning List\nFor more information about the domain white list applied to the project, please refer to [OSINT.DigitalSide.IT Threat-Intel Domains White List](https://github.com/davidonzo/Threat-Intel-Domain-WL).\n\n## Public API\nPlease visit the [DigitalSide-API project page](https://github.com/davidonzo/apiosintDS).\n\n## Sharing samples\nMalware samples are not included in the reports. If you need some binary file for further analysis and investigation, send an email to info[at]digitalside.it, qualifying yourself as a member of a SOC/CSIRT/CERT or other cyber security organization working on public safety. No commercial company will be supported at all.\n\nOnly PGP signed and encrypted emails from a valid sender will have feedback.\n\nMy PGP key ID [30B31BDA](http://pgp.key-server.io/pks/lookup?op=get\u0026search=0x9C3693B230B31BDA). Fingerprint: [0B4C F801 E8FF E9A3 A602 D2C7 9C36 93B2 30B3 1BDA](https://pgp.key-server.io/pks/lookup?op=get\u0026search=0x9C3693B230B31BDA).\n\n## Workflow Automation Input/Output\nReports shared here are the result of my personal Malware Analysis Lab. In this first stage of the project I'll focus the activity on finding the best way to share IoC. Report contents should change over time. Anyway, backward compatibility will be granted. The goal is to create an external know-how to be used for correlation, digital forensics activities, threat intelligence processes, inside a workflow automation process for Incident Response.\n\nIn a second phase I'll share information about my Malware Analysis Lab. This way I hope to cover the two main IoC sharing topics:\n* How to use OSINT data\n* How to produce OSINT data\n\n## Credits are granted!\nMany reports shared are based on OSINT and CLOSINT sources. 
All applicable credits are granted. If something is wrong, please contact me at info[at]digitalside[dot]it.\n\n## About Me\nMy name is Davide Baglieri and I'm an independent security researcher and consultant. You can find more information at the following links:\n* [LinkedIn](https://www.linkedin.com/in/davidebaglieri/)\n* [Twitter](https://twitter.com/davidonzo)\n\nMy personal purpose for this project is basically Research \u0026 Development in a continuing education and training process I started on the 23rd of September 1979.\n","funding_links":[],"categories":["Blue Team"],"sub_categories":["Threat Hunting"],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fdavidonzo%2FThreat-Intel","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fdavidonzo%2FThreat-Intel","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fdavidonzo%2FThreat-Intel/lists"}