554 reports
21,759 IOCs
1,161 TTPs
397 actors
// recent reports
ID Title Actors IOCs TTPs Age
IH-000554 Hellcat is an emerging ransomware group, active since late 2024, known for aggressive doub Hellcat Ransomware Group 1 6 2026-05-17 17:46
IH-000553 Cybersecurity Statistics Report 0 1 2026-05-17 17:23
IH-000552 DNS Abuse Techniques Matrix 53 0 2026-05-17 17:23
IH-000551 TCLBANKER: Brazilian Banking Trojan Spreading via WhatsApp and Outlook 17 4 2026-05-17 17:21
IH-000550 11th May – Threat Intelligence Report ShinyHunters, World Leaks 5 4 2026-05-17 17:20
IH-000549 From Overwhelmed to Autonomous: Rethinking Threat Intelligence in 2026 0 3 2026-05-17 17:19
IH-000548 Kimsuky targets organizations with PebbleDash-based tools Kimsuky 47 3 2026-05-17 17:18
IH-000547 When configuration becomes a vulnerability: Exploitable misconfigurations in AI apps 2 0 2026-05-17 17:18
IH-000546 When Wi-Fi Encryption Fails: Protecting Your Enterprise from AirSnitch Attacks 2 2 2026-05-17 17:17
IH-000545 Threat Brief: Exploitation of PAN-OS Captive Portal Zero-Day for Unauthenticated Remote Co Volt Typhoon 22 3 2026-05-17 17:16
IH-000544 Inside AD CS Escalation: Unpacking Advanced Misuse Techniques and Tools 84 4 2026-05-17 17:15
IH-000543 APT41 Has Arisen From the DUST | Google Cloud Blog APT41 156 3 2026-05-17 12:36
IH-000542 Continuous Evolution of Tianwu 22 3 2026-05-17 12:36
IH-000541 Main title option 1 second line title Flax Typhoon 15 5 2026-05-17 12:36
IH-000540 THE STATE OF RANSOMWARE 2025 - greymatter.com 1 2 2026-05-17 12:35
IH-000539 Annual Threat Report 2026: European Regional Outlook | Darktrace Lazarus Group, Akira Ransomware 18 14 2026-05-17 12:35
IH-000538 Windows 10 DFIR and InfoSec Challenges - volexity.com 23 0 2026-05-17 12:35
IH-000537 Responding to the SolarWinds Breach - Volexity Dark Halo 2 1 2026-05-17 12:34
IH-000536 Attacks and breaches RansomHub 9 6 2026-05-17 12:34
IH-000535 Attacks on industrial enterprises using RMS and... | Securelist 16 2 2026-05-17 12:33
IH-000534 Advanced Persistent Threats (APTs) and U.S. National Security ... nation-state actors, cyberterrorist organizations, financially motivated cybercriminals, state-sponsored 43 3 2026-05-17 11:43
IH-000533 The FTC's Efforts in the Greater Fight Against Ransomware and ... 14 3 2026-05-17 11:42
IH-000532 2024 Ransomware Risk Report 3 4 2026-05-17 11:41
IH-000531 Worldwide Ransomware, 2024: Increasing Rate of Attacks ... LockBit, RansomHub, ALPHV/BlackCat, Scattered Spider 0 2 2026-05-17 11:39
IH-000530 CyberStash 2025 Threat Analysis Report Lazarus Group, SideWinder 4 5 2026-05-17 11:08
IH-000529 Nation-Aligned APTs in 2025: AI-Fueled Threats and the ... Earth Estries, Earth IMAGE Naga 5 0 2026-05-17 11:07
IH-000528 Annual Threat Report 2026: Americas Regional Outlook | Darktrace Akira, Qilin, BlackSuit 0 6 2026-05-17 11:06
IH-000527 NSA CISA, FBI, and the UK NCSC further expose Russian Intelligence... APT29 18 3 2026-05-17 11:06
IH-000526 NSA, FBI, CISA Release Advisory on Protecting Cleared Defense... Russian state-sponsored cyber actors 5 4 2026-05-17 11:05
IH-000525 Attacks and breaches 5 4 2026-05-17 11:04
IH-000524 The Mystery of Duqu 2.0: a sophisticated cyberespionage... | Securelist Duqu 2.0 group 2 4 2026-05-17 11:03
IH-000523 Red October - Indicators of compromise | Securelist Red October 140 2 2026-05-17 11:03
IH-000522 CL-STA-0048: An Espionage Operation Against High-Value Targets in South Asia 14 1 2026-05-17 11:02
IH-000521 Operation Diplomatic Specter: An Active Chinese Cyberespionage Campaign Leverages Rare Too Emissary Panda 87 2 2026-05-17 10:04
IH-000520 Falcon Complete for Service Providers Key benefits - CrowdStrike 0 0 2026-05-17 10:03
IH-000519 2023 GLOBAL THREAT REPORT - CrowdStrike SLIPPY SPIDER, SCATTERED SPIDER 0 6 2026-05-17 10:02
IH-000518 Data Sheet DRAGOS: ICS/OT THREAT DETECTION - CrowdStrike 0 2 2026-05-17 10:02
IH-000517 Data Sheet Delivering predictive risk assessments with DNS threat intelligence 0 1 2026-05-17 10:01
IH-000516 Turkiye's cyber threat landscape is rapidly evolving, marked by a significant increase in RansomHub, Hellcat, Promethium 2 2 2026-05-17 08:43
IH-000515 The United Kingdom's cybersecurity landscape is increasingly threatened by a surge in both LockBit 3.0, Black Basta, Akira 36 2 2026-05-17 08:42
IH-000514 March 2025 saw a continued surge in ransomware attacks by distinct groups like Skira, Kill Skira Team, KillSec, Qilin, Nitrogen Ransomware Group 19 1 2026-05-17 08:33
IH-000513 digital forensics for rapid and targeted mitigation 0 1 2026-05-16 12:02
IH-000512 Implementing a Collegiate Incident Response Competition ... 27 0 2026-05-16 12:02
IH-000511 Intro To Forensics & Incident Response 5 0 2026-05-16 12:02
IH-000510 Cyber Incident Response Tabletop Exercises (TTX) 1 0 2026-05-16 12:02
IH-000509 The Latest Updates in Privacy + Cybersecurity 1 3 2026-05-16 12:02
IH-000508 Strategies for mitigating advanced persistent threats (APTS ... 11 0 2026-05-16 12:02
IH-000507 The Essential Role of Logs in APT and Advanced ... 2 0 2026-05-16 12:01
IH-000506 Cybersecurity Framework Profile for Artificial Intelligence 93 0 2026-05-16 12:01
IH-000505 Artificial intelligence integration in cyber incident response ... 10 0 2026-05-16 12:01
IH-000504 Experiential Cyber Immersion Training & Exercises® 0 0 2026-05-16 12:00
IH-000503 Expert Insights into Advanced Persistent Threats 304 0 2026-05-16 12:00
IH-000502 Enhancing Incident Response Through Effective TTPs ... 185 0 2026-05-16 12:00
IH-000501 Incident Response Planning Using a Lightweight Large ... 228 0 2026-05-16 12:00
IH-000500 Cybersecurity Incident Management Guide - Crest-approved.org 0 0 2026-05-16 11:59
IH-000499 Tracer FIRE (Forensic and Incident Response Exercise) for ... 0 0 2026-05-16 11:59
IH-000498 travel & tour operations industry threat landscape 117 4 2026-05-16 11:59
IH-000497 2025 National Cyber Risk Assessment | NCSC 37 0 2026-05-16 11:59
IH-000496 ASD Cyber Threat Report 2024-25 6 3 2026-05-16 11:57
IH-000495 Addressing State-Linked Cyber Threats to Critical Maritime ... 2 0 2026-05-16 11:56
IH-000494 Decoding the Accelerated Cyber Attack Cycle 9 3 2026-05-16 11:56
IH-000493 Mandiant M-Trends 2025 Report - GitHub 36 2 2026-05-16 11:55
IH-000492 CRITICALSTART® Security Advisory BlueNoroff 49 4 2026-05-16 11:55
IH-000491 ESET APT Activity Report Q4 2024-Q1 2025 APT28, RomCom, Gamaredon, Mustang Panda 17 5 2026-05-16 11:54
IH-000490 APT-C-36 APT-C-36 0 9 2026-05-16 11:54
IH-000489 IBM X-Force 2025 Threat Intelligence Index Salt Typhoon 27 1 2026-05-16 11:54
IH-000488 your weekly threat intelligence advisory CrazyHunter ransomware group 13 6 2026-05-16 11:54
IH-000487 Trellix SecondSight Threat Hunting Report, Feb 2026 Sidewinder, Mustang Panda, Kimsuky 13 2 2026-05-16 11:54
IH-000486 APT36 Targets Indian Government, Defence & Aerospace APT36 33 7 2026-05-16 11:54
IH-000485 OT Cybersecurity Hezbollah 5 3 2026-05-16 11:53
IH-000484 2025 March, Industrial Control Systems security feed 62 0 2026-05-16 11:53
IH-000483 The Operational Technology Cybersecurity Landscape 15 ... 2 0 2026-05-16 11:53
IH-000482 Zero Trust for Operational Technology Activities and Outcomes 254 0 2026-05-16 11:53
IH-000481 2025 ICS/OT Cybersecurity Budget: Spending Trends, ... 0 2 2026-05-16 11:53
IH-000480 2025 OT Cyber Threat Report Volt Typhoon 696 0 2026-05-16 11:52
IH-000479 Four Types of OT Threat Detection in the Dragos Platform 0 1 2026-05-16 11:52
IH-000478 2025 State of Operational Technology and Cybersecurity ... 0 0 2026-05-16 11:52
IH-000477 2025 State of Operational Technology and Cybersecurity ... 0 0 2026-05-16 11:52
IH-000476 NERC Critical Infrastructure Protection Roadmap 8 0 2026-05-16 11:52
IH-000475 Cybersecurity 103 CARR, CyberAv3ngers, Volt Typhoon 5 6 2026-05-16 11:52
IH-000474 Facing 21st Century Threats Iran, North Korea 2 0 2026-05-16 11:52
IH-000473 Cyber Threat Updates - July 2025 Silver Fox APT, APT28, APT33, APT34 3 8 2026-05-16 11:52
IH-000472 The rural hospital cybersecurity landscape 0 0 2026-05-16 11:52
IH-000471 Securing Healthcare Infrastructure against Ransomware 354 1 2026-05-16 11:51
IH-000470 $10.3M Breaches Demand Unified AI Defense 0 1 2026-05-16 11:51
IH-000469 No Bluffing Allowed: Cybersecurity that Holds Up in ... 1 5 2026-05-16 11:51
IH-000468 US Healthcare and Cyber Risk: Trends, Threats, and Strategies RansomHub, INC, BianLian, Qilin 1 4 2026-05-16 11:51
IH-000467 State of CPS Security: Healthcare Exposures 2025 Black Basta, Black Cat/ALPHAV 1 1 2026-05-16 11:51
IH-000466 The Growing Threat of Healthcare Ransomware 12 3 2026-05-16 11:51
IH-000465 Healthcare at the Forefront of Cyber Risk 1 2 2026-05-16 11:51
IH-000464 Fortifying Healthcare's Bottom Line 1 2 2026-05-16 11:51
IH-000463 Ransomware Trends and Impact 0 1 2026-05-16 11:51
IH-000462 Health Care Data Breaches 31 2 2026-05-16 11:51
IH-000461 THE STATE OF HEALTHCARE CYBERSECURITY 2025 LockBit 3.0, ALPHV/BlackCat, BianLian 92 1 2026-05-16 11:50
IH-000460 2025 State of Ransomware Scattered Spider 2 0 2026-05-16 11:50
IH-000459 Threat Landscape Analysis for the Financial Services ... - Mastercard 6 0 2026-05-16 11:50
IH-000458 Understanding-the-Rise-of-Ransomware-Attacks-on- ... 24 1 2026-05-16 11:50
IH-000457 Annual Healthcare Cybersecurity Report 2025 Reality ... ALPHV / BlackCat, Qilin, Black Basta 0 5 2026-05-16 11:50
IH-000456 The State of Cybersecurity Cl0p, Lazarus Group, Ransom-Hub 76 5 2026-05-16 11:50
IH-000455 Securing Cyberspace for Peace 193 0 2026-05-16 11:50
01.HERO // LAT 41.0082° N LON 28.9784° E
[ CTI_OPERATIONS // v2.4 ]

Drowning in feeds.
Hunt the signal.

IntelHarvest turns 7,000+ OSINT sources into MITRE ATT&CK-mapped, STIX 2.1-ready intelligence. Built for CTI analysts who are done babysitting noisy feeds and gluing PDFs together.

02.NOISE_PROBLEM FILTER_RATIO: 0.0015
[ 02.THE_NOISE_PROBLEM ]

A CTI analyst's day starts with 2,000 alerts.
Three of them actually matter.

Every dashboard promises "threat intelligence." Most deliver parseable garbage. IntelHarvest exists because the signal-to-noise ratio of commercial feeds has collapsed — and manual triage doesn't scale.

INGEST → FILTER → OUTPUT realtime
// PAIN_01

Manual correlation

The same actor lives under 12 different names across feeds. Your time is not a deduplication engine.

// PAIN_02

Format chaos

PDFs, blogs, tweets, paste sites, vendor blogs — every source, a different schema. Normalization eats your week.

// PAIN_03

Lost context

You got the IOC. But which campaign? Which TTP chain? Which victim vertical? Indicators without context are just hashes.

03.PLATFORM_CORE MODULES: 4
[ 03.THE_PLATFORM ]

Four modules. One pipeline.

Each module is standalone, scriptable, and exports to the standards SOCs actually use. No vendor lock-in. No proprietary "intel packages." Just open protocols.

TTP Hunter

Automated MITRE ATT&CK mapping. Every extracted behavior resolves to a technique ID — from T1566.001 (Spearphishing Attachment) to T1059.003 (Windows Command Shell) — with sub-technique precision.

Automated Reporting

Export STIX 2.1, MISP, Markdown and PDF from the same source of truth.

"type": "indicator", "pattern": "[file:hashes.SHA256 = '…']", "confidence": 87, "kill_chain": "mitre-attack"
OSINT Crawler

7,000+ sources. Vendor blogs, CERT advisories, paste sites, dark-web mirrors, Telegram channels. 24/7.

Actor Graph

Explore actor → campaign → TTP → IOC relationships as a navigable force-directed graph. Click any node to pivot.

04.CASE_STUDY REPORT_ID: IH-2026-0417
[ 04.TECHNICAL_PROOF ]

Proof, not promises. Read the report.

Here's an actual community report produced by IntelHarvest. No marketing gloss — the same output format every analyst on the platform ships.

REPORT_ID // IH-2026-0417 CLASSIFICATION: TLP:CLEAR

APT29 "Midnight Blizzard" — 72-hour analysis

published @ih_analyst_ops · 2026-04-17T09:14:00Z · confidence: 87%

// Executive summary

A targeted spearphishing cluster attributed to APT29 was observed operating against European diplomatic infrastructure over a 72-hour window. The campaign leveraged HTML smuggling, a signed ISO loader, and a Cobalt Strike beacon with sleep-mask obfuscation. 23 unique TTPs and 87 IOCs were extracted and mapped.

// TTP chain

  1. T1566.002 Spearphishing Link — HTML-smuggled archive
  2. T1204.001 User Execution: Malicious Link
  3. T1059.001 PowerShell — staged from ISO
  4. T1055.012 Process Hollowing into svchost
  5. T1071.001 Application Layer Protocol: Web

// Indicators of compromise

sha256   9f2b…c41d / 3a17…ef09 / 7b52…d0ba
domain   files-cdn-oslo[.]net, msupdate-eu[.]com
ip   185.212.47.88, 91.203.6.19
mutex   Global\\MB-0x7F4A91
[ 04.B.COMMUNITY_FEED ]

Recent public reports

Open intelligence shipped by analysts on the platform.

live feed

No public reports yet. Be the first analyst to publish intelligence.

./start_analysis
// built by analysts, for analysts.

Stop triaging noise.
Start harvesting intelligence.

Free to start. No credit card. Your first analyzed report is 5 minutes away — not 5 days.

STATUS: operational UPTIME: 99.98% VERSION: v2.4.1 LOC: 41.0082° N // 28.9784° E