Threat IntelligenceActionable Threat Intelligence
from the World's Top Cybercrime Experts
Product tourWatch now

Group-IB has been pioneering incident response and cybercrime investigation practices in Russia since 2003. This experience and understanding of threat actors’ behaviours have evolved from our own investigation tool to intelligence gathering network which now feeds Group-IB Threat Intelligence.

Watch now

Group-IB Threat Intelligence has been recognized by top industry researchers

Group-IB is an official Interpol and Europol partner, fighting cybercrime on a global scale

Get the Most out of Group‑IB Threat Intelligence
Track threat actors planning to, or targeting your companyDiscover more
Know about and prepare for actors that aim to disrupt your business. Get proactive notifications on planned attacks, changing TTPs and evolving behaviours from our database of 100,000+ threat actor profiles gained over 15 years of international investigations.
Actionable security briefs on potential threats
Be prepared for future attacks with detailed information and IoCs of new threats targeting your industry or company. Threat briefs are crafted by experienced intel experts, rated in terms of reliability and include actionable recommendations how to mitigate threat.
Dedicated analyst with the passion to solve complex cases
Access to a dedicated intel analyst to conduct custom research (RFI). Group-IB experts collect and analyze information in multiple languages, contextualize threats that are opaque to outsiders. Up to 40 hours of personal analyst support are included in Group-IB Threat Intelligence subscription pack.
Acquire Strategic Intel & Forecasts
Keep up with the constantly changing threat landscape to better understand if you need to adjust your IT security investment strategy. Tailored for CISOs and top-managers: metrics, reporting, monthly dispatches, annual trends & forecast reports.
Monitor Deep and Dark Web
Receive warnings of threats from sources which are either inaccessible, or misunderstood, by outsiders. Group-IB has sockpuppets developed over 10 years and have infiltrated sources in closed hacking communities where crawlers, scripts or "big data" are ineffective.
Detect data leakage before it ends up for sale on underground
Identify compromised data from malware control panel or criminal infrastructure - accounts, bank cards, money mules, International Mobile Equipment Identity (IMEIs) - along with information on when, where and how it has been exposed. Context enables not only reaction but also close down the source of compromise to prevent further damage.
Enrich your existing security stack
Improve blocking and detection capabilities of your security system by enriching it with indicators from Group-IB Threat Intelligence. We detect threats originating from Russia and Eastern Europe at the attack preparation and testing stages, allowing clients to identify attacks at the early stages. Group-IB Threat Intelligence is available through Threat Intelligence Platforms (TIPs), API, STIX/TAXII for easy integration into SIEM, firewall, IDS/IPS and other security systems.
Detect, investigate and remove phishing
Group-IB proprietary technology allows to detect 5000+ unique cases of phishing daily. It is designed to proactively hunt for phishing based on customized criteria, extract phishing kits and automatically respond to speed up detection, investigation and mitigation of phishing attacks. For the most complex cases CERT-GIB uses its authority to remove phishing pages on average less time than global providers. We also give rich context to identify and block threat actors’ email addresses where stolen credentials have been transferred.
Monitor and remove cases of brand abuse
Group-IB Threat Intelligence detects fraudulent web-sites at the domain creation stage. We warn you about advertising pushing your customers to malicious domains, identified expired and fake SSL certificates, fake or malicious mobile applications.
Product tour
Product tour

Finished threat intelligence with advanced RFI service

  • Human intelligence - incident response, investigations, cybercriminal communication interception
  • Malware intelligence - network sensors & sandboxing, honeypots, sinkholing, spam traps
  • Data intelligence - C&C forensics, malware ATS, card shops, compromised data checkers, phishing collection points
  • Open sources - URL sharing, public sandboxes, blogs and reports, social media, proxy and VPN services
  • Patented algorithms and machine learning for rapid data correlation
  • Proprietary phishing detection & phishing kit extraction technology
  • 50+ ISP-level network sensors and honeypot network
  • Automated malware config extraction
  • Compromised data search and extraction tools
  • Internet fingerprinting
  • Machine learning detection engines
  • No network integration required
  • Web interface with detailed reports on detected threats
  • STIX / TAXII / API integration with existing security stack
  • Access to personal analyst support (RFI)
  • Monthly threat dispatches and annual reports
  • Best-in-class analyst capabilities and RFI service
  • 5 years of incident response & investigations experience
  • 200+ multilingual experts in Russia, Middle East, North & South America, Asia
  • 24/7 CERT-GIB to resolve the most urgent incidents
  • Integrated into threat intelligence platforms: Anomali, EclecticIQ, ThreatConnect, ThreatQuotient
  • Official partner of international cyber crime fighters: Interpol, Europol, IMPACT
  • Accredited member of international associations: FIRST and Trusted Introducer


Unique insight, access and visibility other vendors simply do not have, particularly dealing with threats to the financial sector. Rapid response times to requests for information, leading edge target knowledge and cultural context, professional team who regularly exceed expectations with a platform that was easy to integrate in to our broader corporate strategy.

Finance Industry,


One of our best vendors, Group IB is quick to answer our RFIs with quality intel. Also, this vendor provides insight on how to use their data to maximize our gain at no cost. To maximize their value, route their data with APIs.

Finance Industry, North America


The use cases I selected were related to Asia region which proved the provider not only focus its coverage in its country but global as well. Their analysis included actual TTPs instead of only IOCs (i.e. hash values, IP addresses). On the other hand, the sales service is very good - fast, accurate, straightward.

Finance Industry,

Contact us to get more information about Group-IB Threat Intelligence or register for product demo


Thank you for the inquiry!
We will contact you soon
to scheldule you free trial.

Please fill in the form below and we will send you detailed description


Thank you for the inquiry!
We will contact you soon.

Report an incident

24/7 Incident Response Assistance +7 495 984-33-64

Thank you!
We will contact you soon.