Live cyber attack and threat intelligence pulses.
Cyber Threats Stream
Stream ID: cyber
Update frequency: 5 minutes
Required tier: Advanced (15,000 Hydra)
Structured cyber threat intelligence — attack campaigns, malware families, targeted nations, and threat actor attribution where available.
Message Types
threat_pulse
Fired when a new threat campaign is detected.
```json
{
  "stream": "cyber",
  "type": "threat_pulse",
  "ts": 1710000000000,
  "data": {
    "id": "pulse-abc123",
    "title": "LockBit 3.0 targeting financial sector",
    "attackType": "RANSOMWARE",
    "severity": 4,
    "sourceCountries": ["RU"],
    "targetCountries": ["US", "GB", "DE", "FR"],
    "malwareFamilies": ["LockBit"],
    "indicatorCount": 847,
    "tlp": "WHITE",
    "tags": ["ransomware", "financial", "lockbit3"],
    "publishedAt": 1710000000000,
    "authorName": "AlienVault OTX",
    "references": ["https://..."]
  }
}
```
Schema Reference
| Field | Type | Description |
|---|---|---|
| id | string | Unique pulse identifier |
| title | string | Human-readable campaign title |
| attackType | string | See attack types below |
| severity | number | 1–5 severity rating |
| sourceCountries | string[] | ISO codes of attributed attack origin |
| targetCountries | string[] | ISO codes of targeted nations |
| malwareFamilies | string[] | Named malware families involved |
| indicatorCount | number | Number of Indicators of Compromise (IOCs) |
| tlp | string | Traffic Light Protocol classification |
| tags | string[] | Freeform tags |
| publishedAt | number | Unix ms timestamp |
| authorName | string | Publishing researcher or organisation |
| references | string[] | External source URLs |
Attack Types
| Value | Description |
|---|---|
| RANSOMWARE | Ransomware campaign |
| MALWARE | General malware distribution |
| PHISHING | Phishing / credential harvesting |
| BOTNET | Botnet infrastructure |
| ESPIONAGE | State-sponsored cyber espionage |
| EXPLOIT | Vulnerability exploitation |
| DDOS | Distributed denial of service |
| SUPPLY_CHAIN | Supply chain compromise |
| OTHER | Uncategorised |
TLP Classification
| TLP | Meaning |
|---|---|
| WHITE | Unlimited sharing |
| GREEN | Community sharing |
| AMBER | Limited sharing |
| RED | Restricted — not distributed via API |
Note
Hydra only distributes WHITE and GREEN TLP pulses via the API. AMBER and RED classified intelligence is never exposed.
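A consumer can enforce the schema and the TLP rule above before a pulse reaches downstream tooling. The following is an added example, not Hydra's own code: `validate_pulse` and `is_number` are hypothetical helper names, and the sample message is constructed from the example on this page with a placeholder reference URL.

```python
import json

# Allowed values copied from the Attack Types and TLP tables on this page.
ATTACK_TYPES = {"RANSOMWARE", "MALWARE", "PHISHING", "BOTNET", "ESPIONAGE",
                "EXPLOIT", "DDOS", "SUPPLY_CHAIN", "OTHER"}
API_TLP = {"WHITE", "GREEN"}  # the page says AMBER and RED are never exposed
STRING_FIELDS = ("id", "title", "authorName")
NUMBER_FIELDS = ("indicatorCount", "publishedAt")
LIST_FIELDS = ("sourceCountries", "targetCountries", "malwareFamilies",
               "tags", "references")

def is_number(value):
    return isinstance(value, (int, float)) and not isinstance(value, bool)  # bool is an int subclass

def validate_pulse(raw):
    """Hypothetical helper: return (data, errors); data is None when rejected."""
    try:
        msg = json.loads(raw)
    except ValueError as exc:
        return None, [f"invalid JSON: {exc}"]
    data = msg.get("data") if isinstance(msg, dict) else None
    if not isinstance(data, dict) or msg.get("stream") != "cyber" \
            or msg.get("type") != "threat_pulse":
        return None, ["not a cyber/threat_pulse message"]
    errors = [f"{f}: expected string" for f in STRING_FIELDS
              if not isinstance(data.get(f), str)]
    errors += [f"{f}: expected number" for f in NUMBER_FIELDS
               if not is_number(data.get(f))]
    for f in LIST_FIELDS:
        v = data.get(f)
        if not isinstance(v, list) or not all(isinstance(x, str) for x in v):
            errors.append(f"{f}: expected string[]")
    sev = data.get("severity")
    if not is_number(sev) or not 1 <= sev <= 5:
        errors.append("severity: expected number 1-5")
    if not isinstance(data.get("attackType"), str) or data["attackType"] not in ATTACK_TYPES:
        errors.append("attackType: not a documented value")
    if not isinstance(data.get("tlp"), str) or data["tlp"] not in API_TLP:
        errors.append("tlp: only WHITE or GREEN may arrive via the API")
    return (None, errors) if errors else (data, [])

# Constructed sample based on the page's example (reference URL is a placeholder).
SAMPLE = json.dumps({"stream": "cyber", "type": "threat_pulse", "ts": 1710000000000,
    "data": {"id": "pulse-abc123", "title": "LockBit 3.0 targeting financial sector",
             "attackType": "RANSOMWARE", "severity": 4, "sourceCountries": ["RU"],
             "targetCountries": ["US", "GB", "DE", "FR"], "malwareFamilies": ["LockBit"],
             "indicatorCount": 847, "tlp": "WHITE", "tags": ["ransomware"],
             "publishedAt": 1710000000000, "authorName": "AlienVault OTX",
             "references": ["https://example.invalid/report"]}})
```

A pulse that arrives marked AMBER or RED contradicts the distribution rule in the Note, so the validator rejects it rather than passing it on.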