Leverage ThreatStream and DomainTools COVID-19 Threat List

Deliver COVID-19 Intelligence to Your Security Controls

Malicious actors continue to exploit the global Coronavirus (COVID-19) pandemic, registering phishing and malware domains to lure unsuspecting users into disclosing their credentials or downloading and executing malware on their systems. Anomali and our partner ecosystem have publicly released data and information to identify, monitor, and respond to the latest threats and to prevent malicious Coronavirus (COVID-19) themed activity from impacting customers' information systems and networks. In this blog, we detail how to collect the new and rich data source offered by Anomali partner DomainTools and how to operationalize this data within ThreatStream, the industry-leading Threat Intelligence Platform (TIP).


On March 23, 2020, Anomali partner DomainTools released a free COVID-19 Threat List. In the list, users can find Coronavirus (COVID-19) malicious domain name permutations covering more than 60 relevant keywords such as Covid, c0vid, c0v1d, Corona, carona, and corrona. Moreover, the threat list filters out any domains below a Domain Risk Score of 70. According to DomainTools, the Domain Risk Score is a proprietary machine-learning classifier that analyzes the intrinsic properties of a domain, identifying patterns consistent with malware, phishing, spam, or neutral domains.

MITRE Pre-ATT&CK Techniques: Buy domain name (T1328)

MITRE Enterprise ATT&CK Techniques: Spearphishing Attachm ..