Search adversary activity, malware, techniques, and victim targeting in one place, with the source text preserved so you can verify every claim before you use it.
Why this is useful
What you can trust and work with
371 reports indexed as of Mar 25, 2026
Verifiable sourcing
Most extracted findings can be checked against preserved source text
For an analyst, this is the core question: can you validate the database quickly instead of re-reading every report from scratch?
Findings with source quotes
16,998 of 17,091 extracted findings preserve source text, so you can verify the claim instead of trusting a summary.
99.5%93 findings require source review
Directly stated in the source
14,308 of 17,091 findings come from explicit language in the report, helping you separate stated facts from inferred context.
83.7%2,783 require analyst judgment
Operational coverage
Actor attribution and sector targeting are available across most of the dataset
These coverage rates tell you whether the database supports actor tracking and targeting analysis, not just isolated lookups.
Reports with named threat actors
282 of 371 reports include a normalized actor reference, which makes actor-centric pivots useful rather than sparse.
76.0%89 reports without actor context
Reports with sector targeting
281 of 371 reports identify victim sectors or industry targeting, which supports campaign scoping and sector research.
75.7%90 reports without sector detail
Searchable IOCs
6,624
Enough indicator depth for enrichment, hunting pivots, and historical lookups across the dataset.
17.9 IOCs per report
Connected relationships
1,041
Linked actors, malware, techniques, victims, and infrastructure let you move from one fact to the next without rebuilding the chain by hand.
2.8 linked relationships per report
Research pivots
Malware leads the database, with strong actor, ATT&CK, and CVE coverage for real investigation work
This mix shows whether the database helps with adversary profiling, technical analysis, and vulnerability context, not just IOC storage.
1,881
Malware
530
Actors
384
ATT&CK
228
CVEs
Usable coverage
Most of the collected report set is already searchable, with 153 reports still outside the database
This is the completeness check: enough material to be useful now, while making the remaining gap explicit.
Reports available in OPTIC
371 of 524 collected source reports are already searchable here, which is enough to support broad actor and campaign research.