Glossary

APT C&C Tracking

APT C&C Tracking Service delivers IP addresses of infrastructure connected to advanced threats. For each IP address, the service provides the name of the APT group, operation, or malware it is associated with, the internet service provider and autonomous system, a collection of hosting information for the associated IP addresses, and the dates when the address was first and last seen.

APT Intelligence report

A report on advanced persistent threats (APT) that includes investigation results and full technical data. APT Intelligence reports are provided in PDF, OpenIOC, YARA Rules, and Suricata Rules formats. Available formats depend on a user's license type.

Compromised resource category notification

A resource that is usually legitimate but is infected or compromised at the moment of the analysis.

Crimeware Threat Intelligence report

A report that provides information on attacks on a bank's infrastructure, ATMs, and point-of-sale (POS) devices. It describes mobile banking Trojans, new cyber-criminal techniques for bypassing security solutions, and hybrid attacks, with monitoring of cyber-criminal activities at an early stage. Crimeware Threat Intelligence reports are provided in PDF, OpenIOC, YARA Rules, and Suricata Rules formats. The formats available depend on a user's license type.

cURL utility

The utility that can be used to run lookup searches and report requests by using the Kaspersky Threat Intelligence Portal API.

Dark web category notification

Recently published topics, comments, or advertisements on the Dark web forums, shops, communication channels, and onion sites.

Defacement category notification

Defacement (also website or web defacement) is an attack on a website that alters its visual appearance or informational content.

Digital Footprint Intelligence report

A report that contains threat intelligence that is specific for your organization. Digital Footprint Intelligence reports provide information about the following: identification of threat vectors, malware and cyberattack tracking analysis, third-party attacks, information leakage, and current attack status.

Full certificate

The certificate used by Kaspersky Threat Intelligence Portal for customer authentication when working with the service online and/or using the Kaspersky Threat Intelligence Portal API. The certificate and its password are provided by a Kaspersky Technical Account Manager.

The permissions granted depend on the Kaspersky Threat Intelligence Portal user's account settings and can be changed by a Kaspersky Technical Account Manager.

Industrial report

Kaspersky Industrial Threat Intelligence Reporting Service provides customers with heightened intelligence and awareness of malicious campaigns targeting industrial organizations, as well as information on vulnerabilities found in the most popular industrial control systems and underlying technologies. Industrial reports are provided in PDF, OpenIOC, YARA Rules, and Suricata Rules formats. Available formats depend on a user's license type.

ktl_lookup utility

The utility that can be used to run requests using the Kaspersky Threat Intelligence Portal API. The utility can be downloaded from this Help document.

Leakage category notification

Provides any kind of information related to the company that was found on online content hosting services such as Pastebin. This includes compromised employee accounts, clients' bank cards, credentials for access to internal systems, and other sensitive information.

Malware category notification

Notifications about malicious activity that involves the company's resources. Provides alerts on:

MD5

A cryptographic hash function that produces a 128-bit hash value. The 128-bit hash value is represented as a sequence of 32 hexadecimal digits.

Personal category notification

Information on the company's employees (email address, position, social network accounts, and more) found in public sources.

Ransomware activity category notification

Ransomware is a type of Trojan that modifies user data on a victim's computer so that the victim can no longer use the data or fully run the computer. Once the data has been "taken hostage" (blocked or encrypted), the user receives a ransom demand. The demand tells the victim to send the malefactor money; on receipt of this, the cybercriminal promises to send the victim a program to restore the data or restore the computer's performance.

Sandbox

An isolated safe environment that allows you to upload and execute files.

SHA1

A cryptographic hash function that produces a 160-bit hash value. The 160-bit hash value is represented as a sequence of 40 hexadecimal digits.

SHA256

A cryptographic hash function that produces a 256-bit hash value. The 256-bit hash value is represented as a sequence of 64 hexadecimal digits.

Suspicious activity

A group of events that the detection technology evaluates as unusual actions, insufficient for generating a complete incident, and therefore listed for informational or further-investigation purposes.

Threat Data Feed

Continuously updated reports informing about risks and implications associated with cyber threats. Threat Data Feeds are available in JSON, CSV, OpenIOC, and STIX formats, and provided with connectors for SIEMs, including Splunk, ArcSight, IBM QRadar, RSA NetWitness, LogRhythm, and McAfee Enterprise Security Manager (ESM).

Vulnerability category notification

Notifications about newly discovered security issues on the company's network perimeter resources. Provides information about the vulnerable or misconfigured service, and short-term recommendations for remediation.

Web vulnerability category notification

Vulnerabilities of incorrectly designed, implemented, or configured web resources that could be exploited by attackers to compromise their integrity, availability, or confidentiality.

WHOIS

A protocol that is used for querying databases that store the registered users or assignees of internet resources such as domains, IP addresses, or autonomous systems.
