Group-IB

The Group-IB Threat Intelligence Job App integration with ThreatConnect provides users access to unique first-hand data obtained via investigation, response, forensic activities, dark web monitoring, and by a stack of proprietary and patented technologies. The integration enables Group-IB feeds to be ingested into ThreatConnect TI Ops and transforms them into Group and Indicator objects.

The following Threat Intelligence is available with an active Group-IB Threat Intelligence License:

• Threats - intelligence on cybercriminals, nation-state actors, ransomware DLS, threat landscape, threat bulletins, and analyst reports
• Compromises - covers compromised accounts, cards, IMEI, public and git leaks, and breached databases
• Suspicious indicators - Tor nodes, open and Socks proxies, scanning IPs, and VPN exit nodes
• Malware - malware profiles, data from malware detonations, malware configuration files, extracted phishing kits, Suricata/YARA rules, and vulnerabilities
• Attacks - DDoS attacks, phishing URLs, and defaced websites
• IOC Common Feed - high-priority, customized IOCs associated from threat actor and malware profiles

The Group-IB Threat Intelligence Job App is available under Downloads.