Threat Intelligence starts with the collection of information. Since 2012, OPSWAT has collected malware information from a wide range of sources: free users, customers, our OEM community, and other cybersecurity vendors—such as anti-malware and firewall vendors. The result is a massive online database of malware hashes and malware-related information that can be cross-referenced.
Threat Intelligence helps:
- Organizations know as much as possible about the newest threats, in order to identify, prevent and mitigate them
- Researchers analyze trending malware on the market
- Security products leverage threat intelligence capabilities to harden security measures

The information enables SecOps to see beyond the typical attack lifecycle, adding context and priority to global threats. They can use the information to enhance their current security and risk management infrastructure, by building proactive defenses, prioritizing alerts, and improving incident response. They can qualify threats poised to disrupt their business, based on the attacker’s intent, tools, and tactics.
Getting started
The data feed contains the latest detected malware hash signatures, including MD5, SHA1, and SHA256. Our feed is updated instantly with malware to provide actionable and timely threat intelligence. Data is delivered in JSON format using REST API calls and is configurable using query parameters:
Integration example – consume our threat intelligence feed programmatically: