Malware Analysis | ReversingLabs

Automate Malware Analysis for Faster Alert-to-Resolution. Reduce Mean-Time-To-Detect, Respond, Resolve.

Product details

Overview

ReversingLabs Ransomware Feed delivers curated, high-quality ransomware indicators of compromise (IoCs) enriched with metadata like MITRE ATT&CK tags, network context, and malware family data. It focuses on fresh, active threats by filtering out inactive artifacts, ensuring security teams receive reliable and timely information. This feed equips SOC analysts with actionable intelligence, reducing alert fatigue and enabling rapid, confident response to ransomware threats.

Features and Capabilities

  • Curated Ransomware‑only IoCs: Exclusively covers ransomware-related malware, command-and-control infrastructure, and payload URLs for targeted insight.
  • Massive malware pipeline: Powered by one of the industry’s largest analysis pipelines processing ~20 million samples daily.
  • Rapid indicator publication: Over 50% of IoCs published within one hour of detection, enabling true early-stage defense.
  • Comprehensive metadata enrichment: Includes MITRE ATT&CK tactics, malware family names, network ports, and protocols for deep contextual understanding.
  • Aggressive aging of IoCs: Removes inactive indicators promptly to maintain relevancy and avoid alert fatigue.
  • Low false‑positive rate: Only high-confidence indicators are included, ensuring reliable alerts and efficient SOC workflows.
  • Rich integration support: Easily consumed via TAXII/STIX into platforms like Anomali ThreatStream, Microsoft Sentinel, Cortex XSOAR, Cyware, ThreatConnect, and OpenCTI.
  • Flexible editions: Available in Full and Lite versions to suit different organizational maturity and budget needs.
  • Early-, middle-, and late‑stage coverage: Indicators span all stages of ransomware attacks—from initial access to encryption and exfiltration—supporting proactive protection.