threatintel
actor tracker
stix 2.1 · catalog export

Download the catalog.

The full actor, event, and indicator catalog as a single STIX 2.1 JSON bundle — the OASIS-standard format every CTI platform (MISP, OpenCTI, Anomali, Sentinel, etc.) speaks natively. Drop it in and the records appear with their citations and relationships intact.

Download STIX 2.1 bundle· 413 KB · json

what's in the bundle

521 STIX objects
report
153events
indicator
149iocs
relationship
149actor ↔ ioc
intrusion-set
70actors

Computed at request time — the download you get reflects the current catalog, not a snapshot.

What you can do with it

  • Import into a CTI platform — every actor becomes an intrusion-set, every event a report, every IOC an indicatorwith a STIX pattern, and every actor → IOC link a relationship.
  • Diff snapshots over time to track catalog growth or drift in attribution.
  • Build alerting on a subset (e.g. all actors attributed to a specific country, all indicators of a given type) by filtering the bundle.

Endpoint: https://threatintel.thomasmalinowski.com/api/export/stix2 — public, rate-limited, no auth.