Frequently Asked Questions (FAQ)

Having questions? I hope that they are getting answerd here! If not, please do not hesitate to drop me a line: coSntacPtAmeM@abuse.ch (remove all capital letters).

Why ThreatFox? What kind of information should be shared on ThreatFox? Why is there no data export in ​STIX/TAXII available? Can I use data from ThreatFox commercially? Terms of Services (ToS)

Why ThreatFox?


I love OSINT! There are many smart and talented IT-security researchers, threat analysts, CERT/CSIRT/SOC employees and IT-security enthusiast around. Some of them share parts of their analysis and indicators of compromise (IOCs) publicly, usually on github or social media like Twitter. While this is great, it is a pain at the same time: You need to invest a lot of time into searching for these IOCs and, even worse, automation is in many cases not easily possible (if not impossible).

ThreatFox is a platform where people who would like to share their indicators of compromise (IOCs) with the community can do so. For this purpose, ThreatFox offers a web UI and an API. At the same time, security researchers who would like to use that data to protect their own constituency, users or customers can easily integrate it by taking advantage of the ThreatFox API.

ThreatFox is a free, community driven platform for sharing indicators of compromise with the world!

What kind of information should be shared on ThreatFox?


If you want to share your indicators of compromise (IOCs) on ThreatFox, I'm glad to hear that! However, be for you start to push data to ThreatFox, please read the following submission policy carefuly.

Why is there no data export in ​STIX/TAXII available?


I've offered a STIX/TAXII export for threat intel from URLhaus for a while. Unfortunately, I've noticed that due to the extensive amount of information STIX/TAXII provides, the export file soon became very, very big (Gigabytes!). I've therefore decided against supporting STIX/TAXII format across all abuse.ch projects. I apologize and hope that one of the other available formats will fit your needs.

Can I use data from ThreatFox commercially?


Yes! You can use any data provided by ThreatFox for commercial and non-commercial purpose - for free. This includes reselling or ingeration into commercial products. However, I kindly ask you to have a quick look at the (very short) Terms of Services (ToS) at the end of this FAQ.

Terms of Services (ToS)


By using the website of ThreatFox or any of it's services / datasets, you agree that: