Threat Intelligence Feeds

What is a Threat Intelligence Feed?

The Fitsec Threat Intelligence feed is a collection of various types of feeds used to identify malware fingerprints and attacks targeted towards an organization. The service gives your organization the data needed to react quickly to outside threats, and can for example warn you in advance about possible denial of service attacks or other malicious activity. With our feeds, your organization is equipped to possibly stop an attack altogether, or at least minimize the damages to your operation.

Threat Landscape

What is an APT?

Targeted attacks are often referred to as APTs (Advanced Persistent Threat). The target is usually carefully selected and specific, and it can be a company or an individual office. By using multiple phases to break into a network and limiting the target range, targeted attacks become increasingly difficult to detect.

The attackers usually hold key information about the target organization, which they use to gain access into the network by using multiple different technical and social methods. APTs are commonly long lasting and invisible to the target organization itself. Usually the main goal of an APT is to capture critical information and/or obstruct the operations of an organization by attacking their infrastructure.

What is DDOS?

A DDOS (Distributed Denial Of Service) attack is an attempt to take down an online service by overwhelming it with traffic from multiple sources. Usually the sources are exploited devices that are part of a vast global network that hackers have gained access to.

DDOS attacks target a variety of web services and they are a major threat to important online resources and services such as banking and social services websites. Any organization that has an important web presence or is running a service that has large amounts of user traffic should be concerned about DDOS attacks and actively looking for ways to prevent them.


The Fitsec APT-feed provides you with data of the latest IOCs (Indicators of Compromise), which is data that is designed to be integrated into various systems in your organizations network infrastructure. IOCs enable you to monitor your network environment for signs of infection or abnormal behavior, before damages are inflicted. The APT-feed helps your organization to react to data breaches and other malicious activity much faster and thus take control of the situation and direct resources more efficiently to prevent further damage.

The APT-feed largely consists (about 80%) of IOC-data that is not publicly available from other competing service providers. The APT feed is customized to track threats in customer speficic segments and focuses on APT- threat actors and malware families that have actively targeted our customers or their industries.

The APT-Feed is especially beneficial to Governmental Institutions and to everyone else who has the need to monitor the information security status of their networks. The data that the APT-feed provides is used to determine the amount of active APT attacks and the amount of malicious activity targeted against an organizations network and operations.

Other Feeds


The Fitsec DDOS feed offers intelligence on the latest DDOS threats and it reports on threats that are targeted against an organizations network infrastructure. The data provided by the DDOS feed includes malicious C2 (command and control) commands issued and the origin of the attack in real time.

The DDOS feed is especially beneficial to operators or other organizations that have critical online services and want to monitor the information security status of their networks. This kind of intelligence is used to determine the amount of DDOS threats and other malicious activity targeted against an organizations network infrastructure.


The Fitsec SandboxIOC feed contains network IOC data that gives detailed insight into malware C2 (Command and Control) servers, enabling your security team to do prioritized response against internal malware infections to prevent further damages from occurring.

The SandboxIOC feed is crucial to network operators, governmental institutions and other organizations who need to detect malicious behavior in the network perimeter before malicious activies damage their business.


The FItsec SinkholeIOC feed listens to the traffic and detects the stolen data. As a client you will get BOT data such as infected IP addresses and information of the malware which has been detected. The Sinkhole feed provides actionable intelligence on hundreds of thousands of infected, malicious systems globally.

The SinkholeIOC feed is especially beneficial to operators and Governmental Institutions, and for anyone else who has the need to locate malicious systems.


"Fitsec APT IOC -feed has a broad array of high quality technical IoC's that allow us to integrate it to the whole cyber kill chain. From network devices to workstations and servers, we are able to protect our primary assets on several different levels."

All our feeds have a FREE 1-month trial period that allows you to assess whether the intelligence is beneficial for your organization. Contact us for information!


Can we protect against targeted attacks?

Completely protecting against APTs is not possible, however with quick detection and response times you can minimize the damage done to your organization.
To aid quick detection and response times, it is a good idea to educate your staff and raise awareness on how to detect APTs and how to act in the event of an attack.
Other best practices for protection include keeping software up to date, installing antivirus and anti-malware products on all systems, monitoring your networks and getting active monitoring of your infrastructure as a service from cybersecurity professionals.

It is also best to avoid opening unknown links to websites and to avoid connecting unknown USB-storage devices to your systems, as these can make you vulnerable to attacks.

Are feeds right for us?

Any organization monitoring the information security status of their networks will benefit from the intelligence gathered by our feeds. Also, all organizations with a strong internet presence or critical web services can benefit from the DDOS feed for example. Our feeds can be a crucial tool for organizations in these segments: Governmental institutions, critical infrastructure, network operators etc.

All of our feeds have a 1-month trial period that allows you to assess whether the intelligence is beneficial to your organization.

Why choose Fitsec?

Our service differs from similar solutions because we manually segment and filter the data from the reports and scanners. We also emphasize the contents of our feeds based on the individual customer and their threat landscape. In the case of targeted attacks, we focus our malware analysis on APT-actors that have previously targeted the industry segments of our customers.

Has our network been breached?

Suspicious activity includes logins to new or unusual systems or logins during unusual times. These can be an indicator of a breach. If you have any reason to believe your network has been attacked or breached, it is best to consult a professional as soon as possible to prevent further damage.


Knowledge of correct procedures and reacting quickly are key actions when it comes to dealing with APTs. To protect your organization and educate your staff, we offer both basic and advanced level training programs (1 or 2 days), or completely custom-tailored programs for your organization.
Contact us about our APT training programs!


Fitsec Oy

Linnoitustie 4 A
02600 Espoo

Switchboard +358 9 3540 1360

Key Persons

Toni Koivunen

Annu Sorell
Director of Operations
+358 50 4479 876

Yoonis Jama
Cyber Intelligence Specialist
+358 40 777 1292

* required fields