Threat Intelligence

Actionable Threat Intelligence from the World’s Top Cybercrime Experts

Group-IB has been pioneering incident response and cybercrime investigation practices since 2003. This experience and understanding of threat actors’ behaviours have evolved from our own investigation tools to an intelligence gathering network that now feeds Group-IB Threat Intelligence.

Get the Most out of Group‑IB Threat Intelligence

Track threat actors targeting or planning to target your company

Be aware of and prepare for actors who aim to disrupt your business. Receive proactive notifications about planned attacks, changing TTPs, and evolving behaviours from our database of 100,000+ threat actor profiles compiled over 15 years of international investigations.

Actionable security briefs on potential threats

Be prepared for future attacks with detailed information and IoCs of new threats targeting your industry or company. Threat briefs are drafted by experienced intel experts, rated in terms of reliability and include actionable recommendations on how to mitigate threats.

Dedicated analysts passionate about solving complex cases

Access to dedicated intel analysts to conduct custom research (RFI). Group-IB experts collect and analyse information in multiple languages, and provide background to threats that are unclear to outsiders. Up to 40 hours of personal analyst support are included in the Group-IB Threat Intelligence subscription pack.

Acquire Strategic Intel & Forecasts

Keep up with the constantly changing threat landscape to better understand whether you need to adjust your IT security investment strategy. Tailored for CISOs and top-managers: metrics, reporting, monthly dispatches, annual trends & forecast reports.

Monitor the Deep and Dark Web

Receive warnings of threats from sources which are either inaccessible to or misunderstood by outsiders. Group-IB has sockpuppets developed over 10 years and has infiltrated sources in closed hacking communities where crawlers, scripts or “big data” are ineffective.

Detect leaked data before it ends up for sale on the black market

Identify compromised data from malware control panels or criminal infrastructure – accounts, bank cards, money mules, International Mobile Equipment Identities (IMEIs) – along with information on when, where and how it has been exposed. This context enables you not only to react to the breach but also to shut down its source to prevent further damage.

Enrich your existing security stack

Improve your system’s blocking and detection capabilities by enriching it with indicators from Group-IB Threat Intelligence. We detect threats that originate in Russia and Eastern Europe at the attack preparation and testing stages, which helps clients identify attacks early. Group-IB Threat Intelligence is available through Threat Intelligence Platforms (TIPs), API, and STIX/TAXII, and can be easily integrated into SIEM, firewalls, IDS/IPS, and other security systems.

Detect, investigate and remove phishing

Group-IB proprietary technology helps detect 5,000+ unique cases of phishing daily. It is designed to proactively hunt for phishing based on customised criteria, extract phishing kits, and respond automatically in order to speed up the detection, investigation, and mitigation of phishing attacks. For the most complex cases, CERT-GIB uses its authority to remove phishing pages quicker on average than global providers. We also provide a rich background to help identify and block threat actors’ email addresses in cases where stolen credentials have been transferred.

Monitor and counteract brand abuse

Group-IB Threat Intelligence detects fraudulent websites at the domain creation stage. We warn about advertising that pushes your customers to malicious domains, and identify expired and fake SSL certificates and fake or malicious mobile applications.

Finished threat intelligence with advanced RFI service

  • Human intelligence — incident response, investigations, interception of cybercriminal communications
  • Malware intelligence — network sensors & sandboxing, honeypots, sinkholing, spam traps
  • Data intelligence — C&C forensics, malware ATS, card shops, compromised data checkers, phishing collection points
  • Open sources — URL sharing, public sandboxes, blogs and reports, social media, proxy and VPN services

  • Patented algorithms and machine learning for rapid data correlation
  • Proprietary phishing detection & phishing kit extraction technology
  • 50+ ISP-level network sensors and honeypot network
  • Automated malware configuration extraction
  • Compromised data search and extraction tools
  • Internet fingerprinting
  • Machine learning detection engines

  • No network integration required
  • Web interface with detailed reports on detected threats
  • STIX/TAXII/API integration with existing security stack
  • Access to personal analyst support (RFI)
  • Monthly threat dispatches and annual reports

  • Best-in-class analyst capabilities and RFI service
  • 15 years of experience in incident response & investigations
  • 200+ multilingual experts in Russia, the Middle East, North & South America, Asia
  • 24/7 CERT-GIB to resolve the most urgent incidents

  • Integrated into threat intelligence platforms: Anomali, EclecticIQ, ThreatConnect, ThreatQuotient
  • Official partner of international cyber crime fighters: Interpol, Europol, IMPACT
  • Accredited member of international associations: FIRST and Trusted Introducer
