IronWall Threat Intel

Aggregated, deduped malware-signature feed for the IronWall desktop scanner. All upstream sources are unauthenticated public feeds from abuse.ch. Refreshed daily.

Endpoints

• GET /api/manifest — metadata + signature URL + SHA-256
• GET /api/signatures/latest — packed IWSIG binary
• GET /api/rules/latest — YARA rule bundle (placeholder)
• GET /api/refresh — cron entry point, re-fetches upstreams
• GET /api/reputation/[hash] — single-hash reputation lookup

Sources

• MalwareBazaar full feed (SHA-256)
• ThreatFox recent IOCs (SHA-256 only)

IronWall is a research / personal project. Not a substitute for an EDR.