Threat Intelligence

Actionable Threat Intelligence
from the World's Top Cybercrime Experts

Group-IB has been pioneering incident response and cybercrime investigation practices since 2003. This experience and understanding of threat actors’ behaviours have evolved from our own investigation tools to an intelligence gathering network that now feeds Group-IB Threat Intelligence.


Group-IB Threat Intelligence is recognised by top industry researchers

Group-IB is an official Interpol and Europol partner, fighting cybercrime on a global scale

Get the Most out of Group‑IB Threat Intelligence
Track threat actors targeting or planning to target your company
Be aware of and prepare for actors who aim to disrupt your business. Receive proactive notifications about planned attacks, changing TTPs, and evolving behaviours from our database of 100,000+ threat actor profiles compiled over 17 years of international investigations.
Actionable security briefs on potential threats
Be prepared for future attacks with detailed information and IoCs of new threats targeting your industry or company. Threat briefs are drafted by experienced intel experts, rated in terms of reliability and include actionable recommendations on how to mitigate threats.
Dedicated analysts passionate about solving complex cases
Access to dedicated intel analysts to conduct custom research (RFI). Group-IB experts collect and analyse information in multiple languages, and provide background to threats that are unclear to outsiders. Up to 40 hours of personal analyst support are included in the Group-IB Threat Intelligence subscription pack.
Acquire Strategic Intel & Forecasts
Keep up with the constantly changing threat landscape to better understand whether you need to adjust your IT security investment strategy. Tailored for CISOs and top-managers: metrics, reporting, monthly dispatches, annual trends & forecast reports.
Monitor the Deep and Dark Web
Receive warnings of threats from sources which are either inaccessible to or misunderstood by outsiders. Group-IB has sockpuppets developed over 10 years and has infiltrated sources in closed hacking communities where crawlers, scripts or "big data" are ineffective.
Detect leaked data before it ends up for sale on the black market
Identify compromised data from malware control panels or criminal infrastructure, including accounts, bank cards, money mules and International Mobile Equipment Identity (IMEI) numbers, along with information on when, where and how it has been exposed. This context enables you not only to react to a breach but also to shut down its source to prevent further damage.
Enrich your existing security stack
Improve your system’s blocking and detection capabilities by enriching it with indicators from Group-IB Threat Intelligence. We detect threats that originate in Russia and Eastern Europe at the attack preparation and testing stages, which helps clients identify attacks early. Group-IB Threat Intelligence is available through Threat Intelligence Platforms (TIPs), API, STIX/TAXII and can be easily integrated into SIEM, firewalls, IDS/IPS, and other security systems.
Detect, investigate and remove phishing
Group-IB proprietary technology helps detect 5,000+ unique cases of phishing daily. It is designed to proactively hunt for phishing based on customised criteria, extract phishing kits, and respond automatically in order to speed up the detection, investigation, and mitigation of phishing attacks. For the most complex cases, CERT-GIB uses its authority to remove phishing pages quicker on average than global providers. We also provide a rich background to help identify and block threat actors’ email addresses in cases where stolen credentials have been transferred.
Monitor and counteract brand abuse
Group-IB Threat Intelligence detects fraudulent websites at the domain creation stage. We warn about advertising that pushes your customers to malicious domains, identified expired and fake SSL certificates, and fake or malicious mobile applications.

Graph Network Analysis

Automated graph network analysis system for cybercrime investigations, threat attribution, detection of phishing & fraud

Fast cybercrime investigations

Network infrastructure analysis helps to identify a cybercriminal’s legitimate projects and contact details linked to their real identity

Global threat hunting

Attacker’s infrastructure exposure, both active and hidden, and at the attack preparation stage

Proactive phishing hunting

All the resources connected to the fraudulent resource or phishing attack might be scanned for similar content to enhance detection

Finished threat intelligence with advanced RFI service

  • Human intelligence — incident response, investigations, interception of cybercriminal communications
  • Malware intelligence — network sensors & sandboxing, honeypots, sinkholing, spam traps
  • Data intelligence — C&C forensics, malware ATS, card shops, compromised data checkers, phishing collection points
  • Open sources — URL sharing, public sandboxes, blogs and reports, social media, proxy and VPN services
  • Patented algorithms and machine learning for rapid data correlation
  • Proprietary phishing detection & phishing kit extraction technology
  • 50+ ISP-level network sensors and honeypot network
  • Automated malware configuration extraction
  • Compromised data search and extraction tools
  • Internet fingerprinting
  • Machine learning detection engines
  • No network integration required
  • Web interface with detailed reports on detected threats
  • STIX/TAXII/API integration with existing security stack
  • Access to personal analyst support (RFI)
  • Monthly threat dispatches and annual reports
  • Best-in-class analyst capabilities and RFI service
  • 17 years of experience in incident response & investigations
  • 370+ multilingual experts in Russia, the Middle East, North & South America, Asia
  • 24/7 CERT-GIB to resolve the most urgent incidents
  • Integrated into threat intelligence platforms: Anomali, EclecticIQ, ThreatConnect, ThreatQuotient
  • Official partner of international cyber crime fighters: Interpol, Europol, IMPACT
  • Accredited member of international associations: FIRST and Trusted Introducer


Unique insight, access and visibility other vendors simply do not have, particularly dealing with threats to the financial sector. Rapid response times to requests for information, leading edge target knowledge and cultural context, professional team who regularly exceed expectations with a platform that was easy to integrate into our broader corporate strategy.

Finance Industry,


One of our best vendors, Group-IB is quick to answer our RFIs with quality intel. Also, this vendor provides insight on how to use their data to maximize our gain at no cost. To maximize their value, route their data with APIs.

Finance Industry, North America


The use cases I selected were related to the Asia region, which proved the provider does not only focus its coverage on its country but globally as well. Their analysis included actual TTPs instead of only IOCs (i.e. hash values, IP addresses). On the other hand, the sales service is very good - fast, accurate, straightforward.

Finance Industry,
