APT Intelligence Feeds
Blocklists and raw IOC exports from the APT Watch pipeline. Files are regenerated daily from the Russian APT infrastructure database. Use the dashboard's IOC Explorer to inspect individual indicators before including them in production filters.
Blocklists — APT-specific
IP Blocklists (FireHOL .netset format)
aptw-apt-ips-high.netset
High confidence IPs 5+ sources
aptw-apt-ips-medium.netset
Medium confidence IPs 3+ sources
aptw-apt-ips-all.netset
All validated IPs broadest
aptw-apt-subnets.netset
High-density subnets
Domain Blocklists
aptw-apt-domains.hosts
StevenBlack hosts format
aptw-apt-domains-plain.txt
Plain domain list (Pi-hole / DNS sinkhole)
aptw-apt-combined.hosts
Combined IPs + domains
Unified Blocklists — APT Watch + external feeds
Merged with FireHOL, StevenBlack, URLhaus, AbuseIPDB
aptw-full-ips.netset
All threat IPs merged
aptw-full-domains.hosts
All threat domains (hosts format, Pi-hole ready)
aptw-full-domains-plain.txt
All threat domains (plain list)
aptw-resolved-ips.netset
IPs resolved from malicious domains
aptw-reverse-dns.hosts
Reverse DNS of known-bad IPs
aptw-mining.hosts
Cryptojacking mining-pool domains
Raw IOC Exports
Individual IOC files
ipv4.txt
All IPv4 IOCs
cidr.txt
CIDR ranges
domains.txt
Domain IOCs
mining_domains.txt
Mining pool domains 56K+ entries
emails.txt
Email IOCs
urls.txt
URL IOCs
cves.txt
CVE references
Interactive Analysis
Dashboard
Full interactive analytics, drill-down, SQL queries