COVID-19 OSINT Community Enclave

Updated 11 months ago by TruSTAR

To help security teams Defend Better Together, TruSTAR along with our partners at IBM have created an open source Community Enclave to share and track observables related to COVID-19 exploits.

  • Source Type: Open Source Intelligence
  • Update Type: Feed-based
  • Update Frequency: 15 minutes
  • Parser: Yes
  • Time to install: 5 minutes

Supported Observables

  • IP
  • MD5
  • SHA1
  • SHA356
  • URL

Contributing to the Enclave

You can find the COVID-19 OSINT Enclave on the “Open Sources” section of the Navigation Panel.

We encourage you to use this intelligence source via the following tools:

Community & Community Plus Users

All Foundation, Enterprise, and Enterprise Intelligence Management Users

  • Configure your Application integrations with your detection, incident response and orchestration tools to include this data source for enrichment.


Q. How do I find the COVID-19 OSINT Enclave?

You can find the COVID-19 OSINT Enclave on the Open Sources section of the Navigation Panel.

Q. Who can submit reports?

The IBM X-Force IRIS team is leading the effort of curating an initial corpus of relevant observables related to COVID-19 and are publishing them to the COVID-19 Open Source Enclave. Reports will be added every 24 hours.

If you wish to contribute reports to this project contact

Q. Who can edit reports?

TruSTAR and IBM Liaison Community intel architects have edit access to reports. To request edits or report an inaccuracy, contact

Q. What happens when I tag a report with #covid-19?

Reports tagged with #covid-19 will NOT be automatically added to the COVID-19 OSINT Enclave. All reports tagged with #covid-19 can be found using Search and Wildcard features. Note: Tags are only visible to members from the Enclave you submitted to.

Q. Can I tag observables with #covid-19?

No. Only reports can be tagged with #covid-19 at this time.

Q. How long will this OSINT Enclave remain accessible?

This data will be updated and remain available for however long this data is deemed valuable to the community.

Q. How do I request credentials?

If you are not already a member of TruSTAR, you can request credentials here:

Please contact for questions or support.

How Did We Do?