🤖 AI Summary
The lack of standardized collection, correlation analysis, and cross-platform sharing of disinformation and influence-operation threat intelligence hinders coordinated defense. Method: This paper introduces the first open-source threat intelligence exchange platform for disinformation. It proposes the first DISARM-based (analogous to MITRE ATT&CK) modeling of disinformation tactics, techniques, and procedures (TTPs), deeply aligned with STIX 2.1; designs a custom OpenCTI connector for production-grade integration; and adopts a Dockerized architecture supporting React/Vue frontends and a FastAPI backend. Contribution/Results: We deliver a reproducible, end-to-end Cyber Threat Intelligence (CTI) workflow, validated on 100+ real-world disinformation incidents, enabling scalable intelligence ingestion, multi-source correlation, and interactive visualization. All source code, ontology mappings, and data models are publicly released—establishing the first open, structured threat intelligence infrastructure dedicated to disinformation.
📝 Abstract
This paper introduces DISINFOX, an open-source threat intelligence exchange platform for the structured collection, management, and dissemination of disinformation incidents and influence operations. Analysts can upload and correlate information manipulation and interference incidents, while clients can access and analyze the data through an interactive web interface or programmatically via a public API. This facilitates integration with other vendors, providing a unified view of cybersecurity and disinformation events. The solution is fully containerized using Docker, comprising a web-based frontend for user interaction, a backend REST API for managing core functionalities, and a public API for structured data retrieval, enabling seamless integration with existing Cyber Threat Intelligence (CTI) workflows. In particular, DISINFOX models the incidents through DISARM Tactics, Techniques, and Procedures (TTPs), a MITRE ATT&CK-like framework for disinformation, with a custom data model based on the Structured Threat Information eXpression (STIX2) standard. As an open-source solution, DISINFOX provides a reproducible and extensible hub for researchers, analysts, and policymakers seeking to enhance the detection, investigation, and mitigation of disinformation threats. The intelligence generated from a custom dataset has been tested and utilized by a local instance of OpenCTI, a mature CTI platform, via a custom-built connector, validating the platform with the exchange of more than 100 disinformation incidents.
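The following added example, which is not taken from the paper or the DISINFOX code base, shows how incidents expressed as STIX 2.1 objects and linked to DISARM techniques can be correlated by shared technique. It assumes standard `incident`, `attack-pattern` and `relationship` objects joined by a `uses` link and a `DISARM` external reference, since the page does not describe the platform's custom data model; the technique identifiers and incident names are constructed placeholders.

```python
import json
import uuid
from collections import defaultdict

NOW = "2025-01-01T00:00:00.000Z"  # constructed timestamp

def sdo(stix_type, **props):
    """STIX 2.1 object with the common required properties."""
    return {"type": stix_type, "spec_version": "2.1", "id": f"{stix_type}--{uuid.uuid4()}",
            "created": NOW, "modified": NOW, **props}

def technique(ext_id, name):
    # Assumption: a DISARM technique is an attack-pattern carrying an external reference.
    return sdo("attack-pattern", name=name,
               external_references=[{"source_name": "DISARM", "external_id": ext_id}])

def incident(name, techniques):
    """Incident object plus one 'uses' relationship per technique (assumed linkage)."""
    inc = sdo("incident", name=name)
    return [inc] + [sdo("relationship", relationship_type="uses",
                        source_ref=inc["id"], target_ref=t["id"]) for t in techniques]

def correlate(bundle):
    """Map each DISARM id to the incidents that used it, keeping only shared ones."""
    by_id = {o["id"]: o for o in bundle["objects"]}
    seen = defaultdict(set)
    for o in bundle["objects"]:
        if o["type"] != "relationship" or o["relationship_type"] != "uses":
            continue
        src, dst = by_id.get(o["source_ref"]), by_id.get(o["target_ref"])
        if not src or not dst or src["type"] != "incident" or dst["type"] != "attack-pattern":
            continue  # dangling reference or a link between other object types
        for ref in dst.get("external_references", []):
            if ref.get("source_name") == "DISARM":
                seen[ref["external_id"]].add(src["name"])
    return {tid: sorted(names) for tid, names in seen.items() if len(names) > 1}

def sample_bundle():
    # Constructed data: placeholder ids, not real DISARM technique ids.
    t_a = technique("DISARM-PLACEHOLDER-A", "Constructed technique A")
    t_b = technique("DISARM-PLACEHOLDER-B", "Constructed technique B")
    objs = ([t_a, t_b] + incident("Constructed incident 1", [t_a, t_b])
            + incident("Constructed incident 2", [t_a]))
    return {"type": "bundle", "id": f"bundle--{uuid.uuid4()}", "objects": objs}

if __name__ == "__main__":
    print(json.dumps(correlate(sample_bundle()), indent=2))
```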