Group-IB Threat Intelligence & Attribution
The Group-IB Threat Intelligence & Attribution integration with ThreatConnect gives users access to unique first-hand data obtained through investigation, response, forensic activities, dark web monitoring, and a stack of proprietary patented technologies.
The data is offered in the following sections:
- Compromised data: logins and passwords intercepted by threat actors, and compromised mobile devices by IMEI from mobile botnets.
- Human intelligence: adversary-centric research on threat actors, either regular criminals or state-sponsored threat actors, including information collected from closed communities and communication channels on the dark web.
- DDoS and deface attacks: data gathered by numerous Group-IB network sensors around the world gives us the opportunity to discover who the target is and how the attack is evolving, and to inform users in real time.
- Phishing attacks and phishing kit analysis: data comes from continuous internet fingerprinting (all IPv4 space, domains, SSL, SSH), spam traps, sinkholing, and the CERT community. Additionally, Group-IB TI&A extracts phishing collection points (emails used by an attacker) from phishing kits.
- Malware intelligence: the Group-IB Malware Detonation Platform analyzes thousands of malicious files daily to extract IoCs and determine whether relevant network environments (domains, IPs, etc.) were targeted, so that users can be notified.
- Vulnerabilities: a huge archive and hourly updates on known and new vulnerabilities and exploits.
- Suspicious IPs: Tor nodes and proxies that may be used by threat actors.