CanCyber Threat Hunting

CanCyber provides real time threat indicator sharing and tools to turn indicators into action. Powered by MISP, Yara, and Zeek Network Security Monitor (BroIDS), export indicators into your own equipment or use our malware hunting tools on the endpoint, domain, or network. CanCyber is not currently accepting new member referrals.

Financé par le gouvernement du Canada | Funded by the Government of Canada

For endpoints and networks

CanCyber is a free service for Canadian businesses and organizations.

CanCyber focuses primarily on APT type state sponsored cyber espionage threats from China, Russia, DPRK, and Iran. We are now expanding to also include serious criminal activity.

Our goal is to provide a platform for sharing huntable indicators and threats without barriers of technology or cost. We know the biggest burden to enterprise Cyber Threat Intelligence is labour to action indicators - we've created tools to lower the friction of threat hunting in organizations big and small.

Ask Us

Beyond indicators

Enrich indicators with historical tracking data and detection tools.

File Indicators

The known, hashes, filenames, and Yara signatures - on disk and in memory.

Disk and memory scanning

Deploy scanning tools across your network in minutes and receive web based reporting immediately.

Network signatures

Domains, IPs, and beacon signatures.

Add your own data

Use your own indicators or signatures, or share them with your industry or community.

Real time alerts

Web based alerting to identified threats. 90 day data retention policy.

Analytics Solutions

Track the beginnings of targeted campaigns and incident response effectiveness.

Trusted by Industry

Membership by trust group referral.

  • MISP
  • Yara
  • Zeek