OSINT IOCs section

In addition to lookup results, Kaspersky Threat Intelligence Portal provides open-source intelligence (OSINT) for the requested objects: file hashes (MD5, SHA1, SHA256), IP addresses, domains, web addresses, and strings that align with recognized host naming conventions.

A summary generated by AI and based on data from open sources provides key information about the IOC. The details provided in the summary can be verified and explored further in the articles and posts where the IOC is mentioned.

To search for information from various open sources related to an object:

In the Search field on any Kaspersky Threat Intelligence Portal page, enter the object you want to investigate and press Enter.

On the Threat Lookup → OSINT IOCs page, Kaspersky Threat Intelligence Portal displays an AI-generated summary and a list of posts in which the requested object is mentioned.

To view summaries, give consent to the use of AI-generated content:

In the Summary section on the OSINT IOCs page, read the agreement and click Accept.

The consent needs to be accepted only once, at the first display of the summary. After that, all available summaries are displayed on the OSINT IOCs page. You can also accept the Artificial Intelligence (AI) Technology Usage Agreement using the Legal API.

The AI-generated summary may contain inaccurate or unreliable information. Please take this into consideration when using the information.

Depending on the information found, an AI-generated summary may contain the sections described in the table below.

Summary sections

| Section | Description |
|---|---|
| Observed | Date a threat was observed (encountered). |
| Threat actors | Group that performed the cyber-attack. |
| Affected areas | Geographic regions that were attacked. |
| Affected industries | Industries that were attacked. |
| Associated software | Software associated with the attack. |
| Exploited vulnerabilities | Common vulnerabilities and exposures. |
| Exploited weaknesses | Common weakness enumeration. |
| General threat information | General information about a threat. |
| Highlights | Key information about a cyber-attack from open sources. |

A summary is not provided for reserved IP addresses.

The search results for the object also include articles and posts found in open sources. The OSINT IOCs section contains information described in the table below.

OSINT IOCs section

| Field | Description |
|---|---|
| Date | Post publication date. |
| Source | Link to a post. In some cases, the requested object may not be mentioned in the post by a direct link, but referenced in posts linked from the original post. |
| Hash | Available only if a hash was the search object. Hash type used to find the article (MD5, SHA1 or SHA256). |

For hashes, the search results include not only posts related to the requested hash, but also those associated with other hashes known to belong to the identified file. For example, if you search for an MD5 hash, posts related to the MD5, SHA1 and SHA256 hashes of the file are also shown.
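
The same cross-hash matching can be reproduced locally when triaging your own collection of reports. This is an added example, not Kaspersky's code or API: the function names, the post records and the sample files are constructed for illustration, and it assumes you keep your own list of known files with all three digests.

```python
import hashlib
import re

# Hex digest length -> hash type (the three types the page lists).
HASH_TYPES = {32: "MD5", 40: "SHA1", 64: "SHA256"}
HEX_RUN = re.compile(r"\b[0-9a-fA-F]{32,64}\b")


def file_hashes(data):
    """All three digests of one file, keyed by hash type."""
    return {
        "MD5": hashlib.md5(data).hexdigest(),
        "SHA1": hashlib.sha1(data).hexdigest(),
        "SHA256": hashlib.sha256(data).hexdigest(),
    }


def hashes_in_text(text):
    """Lower-cased hex strings whose length matches a known hash type."""
    return {m.lower() for m in HEX_RUN.findall(text) if len(m) in HASH_TYPES}


def related_posts(query_hash, known_files, posts):
    """Rows (date, source, hash type) for posts mentioning any hash of the queried file."""
    query = query_hash.strip().lower()
    # Expand to sibling hashes if the file is known locally, else match the query alone.
    family = next((f for f in known_files if query in f.values()), None)
    if family is None:
        family = {HASH_TYPES.get(len(query), "unknown"): query}
    by_value = {value: kind for kind, value in family.items()}
    rows = []
    for post in posts:
        for value in hashes_in_text(post["text"]) & set(by_value):
            rows.append((post["date"], post["source"], by_value[value]))
    return sorted(rows)


# Constructed sample data: harmless byte strings and made-up posts.
SAMPLE = file_hashes(b"constructed sample file, not malware")
OTHER = file_hashes(b"a different constructed file")
POSTS = [
    {"date": "2024-01-10", "source": "https://blog.example/a", "text": f"Dropper SHA256: {SAMPLE['SHA256']}"},
    {"date": "2024-02-03", "source": "https://blog.example/b", "text": f"md5 {SAMPLE['MD5'].upper()} seen in phishing"},
    {"date": "2024-02-20", "source": "https://blog.example/c", "text": f"Unrelated sample {OTHER['SHA1']}"},
]

if __name__ == "__main__":
    for row in related_posts(SAMPLE["MD5"], [SAMPLE, OTHER], POSTS):
        print(row)
```

The third element of each row plays the role of the Hash field: it records which hash type of the file the post actually mentioned, which can differ from the type you searched for.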
