Threat Intelligence

Threat Intelligence is a vital part of the security portfolio at every enterprise. Mitigating the consequences of cyber-attacks has become increasingly expensive and time-consuming, as reported in the mass media. With the help of cyber intelligence, it’s possible to predict cyber-attacks and prepare for them in advance.

We collect and analyze large amounts of unique and proprietary information to deliver tailored, trusted and actionable intelligence to predict risks, while preventing and mitigating any targeted attacks.

Get full access to information that helps to predict and mitigate cyber attacks – free 2-week trial

Use the full functionality of the system during the trial.

No installation required

Get all the information through the web interface or API. We start delivering tailored data one day after the start of the subscription.
Get a personalized threat report after your trial.

Maximize your cyber security with your personal analyst:

  • Send malware samples for analysis,
  • Request additional information on actual threats (cyber-criminal groups, phishing emails, domain names and IP addresses),
  • Leverage your response procedures with the Group-IB team – take down phishing sites, block fraudulent mobile applications and much more.

Easy-to-use and Highly Functional

Cloud-based service

All the information can be easily accessed through the web-based UI. See notifications and drill into the details in real time.

Personal analyst

You can address your questions and requests to a dedicated expert analyst to get clarifications or a tailored operational report on threats and cyber criminals.

Reporting module

Use visualization tools and modules to work with statistics, see and track trends, and make efficient decisions based on statistical analysis.

One-step integration

Integrate Group-IB Threat Intelligence into your existing processes and systems via STIX/TAXII, using a standard workflow.

  • Discover 99% of domains, websites, mobile applications and SSL certificates that use your brand in just three hours.
  • Fast and efficient blocking of malicious websites in .RU, .РФ and 1100 other domain zones.
  • Our private technology for discovering the email addresses that phishing attack coordinators use to collect stolen information.


  • Deep investigations of cyber security trends, attacks, cyber criminal groups, their tactics and tools
  • Annual, quarterly and monthly reports on cyberthreats and trends, key events and incidents in the cyber security sphere, predictions and prognoses from Group-IB experts
  • Tailored analytics on demand
  • Build your cyber security strategy based on predictions made by world-class experts
  • Maximize ROI on cybersecurity projects and initiatives, including incident response and support from your personal analysts


  • New malware tools and services, cybercriminal community trends and actions, changes in tactics and tools of cyber criminals
  • Deep investigations of underground cybercriminal communities and forums
  • Hacktivists, their tactics, tools, profiles and attacks
  • Access to a closed global community forum of clients
  • Build your cyber security strategy based on predictions made by world-class experts
  • Maximize ROI on cybersecurity projects and initiatives, including incident response and support from your personal analysts


  • Information on compromised accounts, banking cards, infected mobile devices plus rich context on each incident – time, tools, C2, related cybercriminal groups
  • Configuration files of malicious software
  • Command and Control server information with rich context about them
  • Intelligence on DDoS, deface attacks
  • Suspicious IP address database (TOR, SOCKS, proxy)
  • Prevent cyber security incidents and cyber heists at your clients, stop cyberespionage operations targeting your employees and partners
  • Discover and detect malicious software and complex cyber-attack tools that are not detected by antivirus software
  • Block connections to malicious nodes and detect suspicious activity in your network

“Having its base in Eastern Europe offers Group-IB the advantage of getting visibility on many threats originating from this region, and its local presence offers the ability to better infiltrate the many threat actors based in this region. Involved in the most high-profile investigations allows Group-IB to get more information about cybercriminals, their relationships and other intelligence”
- “Competitive Landscape: Threat Intelligence Services, Worldwide”, Gartner, 2015


  • Who attacks you, your clients, companies that are similar to yours
  • How, and with which tools and tactics, those attacks are carried out
  • Which of your clients or employees have already been hit by cyber criminals
  • What cybercriminals discuss on underground forums with respect to your company
  • How cybercriminals can use, or already use, your brand to achieve their goals

95%: Percentage of intelligence from unique data sources.

2000+: Number of phishing links discovered by Group-IB each day.

  • Enterprise
      • Access to a closed global community forum of clients
      • Tailored and general notifications about cyber threats
      • Analysis and information on malicious software
      • Compromised accounts and context on relevant threats
      • IMEI IDs of infected mobile devices
      • Information on DDoS attacks
      • Suspicious IP addresses
      • Phishing site discovery and on-demand takedown procedure
  • Financial
      • Full capabilities of Enterprise pack, PLUS:
      • Compromised banking card data
      • Detailed information on malware targeting your customers
      • Money mules section, including banking accounts, card numbers and other credentials that cybercriminals use to transfer money acquired illegally
      • 40 Hours of analyst support per quarter
  • Ultimate
      • Full capabilities of Financial pack, PLUS:
      • Discovery of and response to fraudulent and malicious SSL certificates, domain names, phishing websites, mobile applications and contextual advertising that misuse your brand
      • Extraction of phishing kits and preparing them for analysis
      • Blocking of email addresses used to collect user credentials stolen at phishing sites
      • 80 Hours of analyst support per quarter