Threat Intelligence search feature

Kaspersky Threat Intelligence Portal allows you to search threat intelligence information about various types of objects in all Kaspersky services databases in parallel:

• Indicators of compromise: lookup results for hashes (MD5, SHA1, SHA256), IP addresses, domains, web addresses.
• Full-text search: Actor Profiles, APT Intelligence Reporting, Crimeware Threat Intelligence Reporting, Industrial Threat Intelligence Reporting, Digital Footprint Intelligence, Surface web, and Dark web search results.
• Simple Elasticsearch queries: Surface web, Dark web, and Digital Footprint Intelligence information only. For other services, the search is performed by a complete match with the entered query.

The search field (Search) is located on each Kaspersky Threat Intelligence Portal page: you do not need to navigate to a certain service section to request specific information.

If you start a search on one of the Threat Lookup tabs (for example, Dark web or Surface web), the selected page remains active when the search results are displayed.

The Threat Lookup page contains the following sections:

• Lookup—Lookup results for hashes, IP addresses, domains, and web addresses.
• Dark web—Search results against a limited set of Dark web and other hidden publications.
• Surface web—Search results against a limited set of publications in various social media.
• OSINT IoCs—Open-source intelligence: information about posts that mention the requested hash.
• Reporting—Search results against APT Intelligence reports, Crimeware Threat Intelligence reports, Industrial Threat Intelligence reports (including search in report names and descriptions, contents of the report in PDF format, IOC and YARA files).

  If necessary, you can use filters () to narrow the amount of displayed results:

  • In the Date column, use the date pickers (calendar) or predefined filters (Month or Year) to specify a certain period and click Apply.
  • In the Group column, you can select groups that the report belongs to: APT for APT Intelligence reports, Crimeware for Crimeware Threat Intelligence reports, Industrial for Industrial reports. By default, all types of reports are selected.
  • In the Report column, you can select whether you want to view all reports or only demo reports: All option for all reports and Demo option for demo reports only.
  • In the Tags column, you can specify required tags. The number of selected tags of each type is displayed by the type name. If necessary, clear tags selection by clicking the Clear filters button.
• Actors—Search results against actor names and tags.
• Digital Footprint—Search results against names and contents of Digital Footprint Intelligence reports, names and descriptions of vulnerabilities, and recommendations for solving the vulnerability.

  If necessary, you can use filters () to narrow the amount of displayed results.

  On the Threats tab:

  • In the Date column, select a specific date or time interval when a threat was detected, or use predefined filters Week or Month.
  • In the Risk column, select one or several threat risk levels (Info, Critical, High, Medium, Low).
  • In the Category column, select one or several threat categories, for example Vulnerability, Malware, Person, Leakage, Dark web.
  • In the Object column, select one or several objects associated with detected threats.
  • In the Tags column, select one or several tags associated with threats.

  On the Reports tab, in the Date column, select a specific date or time interval when a report was published, or use the predefined Week or Month filters.

By section names, the number of results is displayed.

In this section Dark web section Surface web section

Page top