What is PREDICT?

PREDICT (Predictive Infrastructure Analysis for Cyber Threat Intelligence) is a structured framework for analyzing and predicting malware infrastructure reuse patterns, inspired by the MITRE ATT&CK methodology.

The framework rests on the observation that threat actors tend to reuse infrastructure because provisioning new resources costs time and money. Understanding these reuse patterns lets defenders anticipate and block infrastructure before it is used in the next campaign.

This platform analyzes 8,966 total IOCs (6,782 IPs and 2,184 domains) spanning 804 ASNs and 25 malware families to provide actionable threat intelligence.

Core Principle
Infrastructure Reuse Hierarchy

From easiest to hardest for threat actors to change:

  1. Domain Names (Easy): new domains are cheap to register, so they are rotated most often.
  2. IP Addresses (Medium): changing IPs takes moderate effort.
  3. ASN/Hosting (Hard): moving to a new hosting provider is expensive, so the ASN and hosting choices persist the longest across campaigns.
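The hierarchy above is the basis for pivoting: a sighting that shares only a domain with known-bad infrastructure says less about reuse than one that shares an IP or an ASN. The following Python block is an added illustration written for this page, not code from the PREDICT project; it uses a small constructed sighting set (RFC 5737 addresses, private-use ASNs and `.example` domains) and an assumed per-layer weight (domain 1, IP 2, ASN 3) to show two things: how often each layer is shared across families in the sample, and how a new sighting is pivoted against the known set.

```python
"""Infrastructure reuse hierarchy, illustrated on constructed data.

Added example for this page; not the PREDICT platform's own code.
Assumption: a layer that is harder for an attacker to change gets a
higher persistence weight, so an ASN match contributes more to the
reuse score than a match on a throwaway domain.
"""
from collections import defaultdict
from dataclasses import dataclass

# Layers ordered from easiest to hardest to change, with assumed weights.
LAYER_WEIGHT = {"domain": 1, "ip": 2, "asn": 3}


@dataclass(frozen=True)
class Sighting:
    family: str
    domain: str
    ip: str
    asn: str


# Constructed sample sightings: RFC 5737 documentation addresses,
# private-use ASNs (AS64500-AS64502) and .example domains. Not real IOCs.
SIGHTINGS = [
    Sighting("FamilyA", "cdn-update.example", "203.0.113.10", "AS64500"),
    Sighting("FamilyA", "login-portal.example", "203.0.113.11", "AS64500"),
    Sighting("FamilyB", "mail-relay.example", "203.0.113.11", "AS64500"),
    Sighting("FamilyB", "static-assets.example", "198.51.100.7", "AS64501"),
    Sighting("FamilyC", "sync-node.example", "198.51.100.8", "AS64501"),
    Sighting("FamilyC", "api-gateway.example", "198.51.100.7", "AS64501"),
    Sighting("FamilyC", "cdn-update.example", "192.0.2.45", "AS64502"),
]


def families_by_value(sightings):
    """Map each layer value (domain, ip, asn) to the families that used it."""
    index = {layer: defaultdict(set) for layer in LAYER_WEIGHT}
    for s in sightings:
        for layer in LAYER_WEIGHT:
            index[layer][getattr(s, layer)].add(s.family)
    return index


def cross_family_rate(sightings):
    """Fraction of distinct values at each layer used by more than one family.

    If the hierarchy holds, the rate rises from domain to IP to ASN, because
    the layers that are expensive to change are the ones actors keep.
    """
    index = families_by_value(sightings)
    return {
        layer: sum(1 for fams in values.values() if len(fams) > 1) / len(values)
        for layer, values in index.items()
    }


def pivot(candidate, sightings):
    """Pivot a new sighting against known infrastructure.

    Returns the layers that match, the families each match links to, and a
    weighted reuse score (assumed weights; max is the sum of all weights).
    """
    index = families_by_value(sightings)
    matches = {}
    score = 0
    for layer, weight in LAYER_WEIGHT.items():
        fams = index[layer].get(getattr(candidate, layer))
        if fams:
            matches[layer] = sorted(fams)
            score += weight
    return {"matches": matches, "score": score,
            "max_score": sum(LAYER_WEIGHT.values())}


if __name__ == "__main__":
    for layer, rate in cross_family_rate(SIGHTINGS).items():
        print(f"{layer:6s} shared across families: {rate:.2f}")
    # Unknown domain, but IP and ASN already tied to FamilyA/FamilyB.
    new = Sighting("unknown", "new-host.example", "203.0.113.11", "AS64500")
    print(pivot(new, SIGHTINGS))
```

In the sample, the shared-value rate climbs from the domain layer through IP to ASN, which is the ordering the hierarchy predicts; the candidate pivot scores 5 of a possible 6 on the strength of its IP and ASN overlap even though its domain is new. On real data the weights should be fitted rather than assumed, and the rate should be computed per campaign rather than per family where campaign boundaries are known.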
Platform Features
Dashboard

Real-time overview of infrastructure analysis with risk distribution charts, top techniques visualization, and high-risk infrastructure monitoring.

PREDICT Matrix

Interactive visualization of the 25 PREDICT techniques across 5 categories, showing how different malware families utilize infrastructure reuse patterns.

Infrastructure Analysis

Search and analyze specific IPs, domains, or IOCs to understand their malware associations, risk levels, and related infrastructure.

Predictions

ML-powered predictions of infrastructure reuse probability with confidence scores and contributing factors analysis for proactive defense.

API Access

RESTful API for programmatic access to IOC lookups, bulk analysis, and prediction services for integration with security tools.

Community Edition

Open source and free for security researchers, SOC analysts, and threat intelligence teams. No restrictions on core features.

Current Dataset
  • 8,966 total IOCs
  • 5,382 malicious items
  • 25 malware families
  • 569 nameservers

Our database includes intelligence from major malware families including Cobalt Strike, AsyncRAT, XWorm, Rhadamanthys, Lumma Stealer, and many others, providing comprehensive coverage of the current threat landscape.

PREDICT Framework Categories
H - Hosting

Techniques related to hosting provider patterns, shared hosting analysis, and bulletproof hosting identification.

N - Networking

Network-level infrastructure patterns including ASN reuse, IP range analysis, and routing patterns.

R - Resolution

DNS-based patterns including nameserver reuse, domain generation algorithms, and resolution timing analysis.

T - Timing

Temporal patterns in infrastructure usage, campaign timing, and lifecycle analysis.

U - Reuse

Cross-campaign infrastructure reuse patterns, multi-family usage, and predictive reuse modeling.

Key Statistics
  • 6,782 IP addresses
  • 2,184 domains
  • 804 ASNs
  • 25 techniques
Use Cases
  • SOC Analysts: Infrastructure attribution and threat hunting
  • Threat Intel: Campaign tracking and actor profiling
  • Network Defense: Predictive blocking and prevention
  • Researchers: Infrastructure pattern analysis