Threat Intelligence Database

OPTIC Lab

Every finding tied to its source

Search adversary activity, malware, techniques, and victim targeting in one place, with the source text preserved so you can verify every claim before you use it.

Why this is useful

What you can trust and work with

402 analyst-usable reports in production corpus · 571 normalized archive articles as of Mar 27, 2026
Verifiable sourcing

Most extracted findings can be checked against preserved source text

For an analyst, this is the core question: can you validate the database quickly instead of re-reading every report from scratch?

Findings with source quotes
18,220 of 18,319 extracted findings preserve source text, so you can verify the claim instead of trusting a summary.
99.5% · 99 findings require source review
Directly stated in the source
15,357 of 18,319 findings come from explicit language in the report, helping you separate stated facts from inferred context.
83.8% · 2,962 require analyst judgment
Operational coverage

Actor attribution and sector targeting are available across most of the production corpus

These coverage rates tell you whether the operational corpus supports actor tracking and targeting analysis, not just isolated lookups.

Reports with named threat actors
306 of 402 operational reports include a normalized actor reference, which makes actor-centric pivots useful rather than sparse.
76.1% · 96 reports without actor context
Reports with sector targeting
300 of 402 operational reports identify victim sectors or industry targeting, which supports campaign scoping and sector research.
74.6% · 102 reports without sector detail
Searchable IOCs: 7,243

Enough indicator depth for enrichment, hunting pivots, and historical lookups across the analyst-usable corpus.

18.0 IOCs per report
Connected relationships: 1,113

Linked actors, malware, techniques, victims, and infrastructure let you move from one fact to the next without rebuilding the chain by hand.

2.8 linked relationships per report
Research pivots

Malware leads the database, with strong actor, ATT&CK, and CVE coverage for real investigation work

This mix shows whether the database helps with adversary profiling, technical analysis, and vulnerability context, not just IOC storage.

Malware: 2,026
Actors: 535
ATT&CK: 385
CVEs: 254
Usable coverage

The production corpus is the analyst-usable slice of a larger normalized archive

This is the corpus-policy distinction: archive breadth is preserved, but only the cleaner operational subset is exposed as the production search set.

Reports in the production corpus
402 of 571 normalized archive articles are currently in the operational corpus. The remaining 169 stay preserved in the archive, but are excluded from the production search set by corpus policy.
70.4% · 169 archive-only articles
Primary source: Mandiant / Google TI
Operational corpus: 402
Normalized archive: 571
Core strength: source-linked findings
Updated: Mar 27, 2026