Graph Network Analysis

Automated graph network analysis system for cybercrime investigations, threat attribution, detection of phishing & fraud

Establishing links between cybercriminal groups, phishing attacks, botnets, and fraudulent transactions

Significantly increased rate of successful investigations

Detection of malicious domains and files within seconds

Network graph use cases

Fast cybercrime investigations

Network infrastructure analysis helps to identify a cybercriminal's legitimate projects and contact details linked to their real identity

Proactive phishing hunting

All resources connected to a fraudulent resource or phishing attack can be scanned for similar content to enhance detection

Global threat hunting

Exposure of the attacker's infrastructure, both active and hidden, as well as infrastructure at the attack preparation stage

Search for backends

Find servers hidden behind proxy services to identify the real hosting provider

Key users of graph analysis

SOC/CERT analysts
Threat Researchers
Threat Intelligence analysts
Digital Forensics specialists

Search data

Domain registration data
DNS – domain records, files, profiles, tags
Backend servers hidden by proxies
Service banners (domains, redirections, error codes)
Hidden registration data (IDs, hosting providers)
History of registration data, hosting-related transfers, set of services
Service fingerprints on IP addresses (cryptography, cookies, unique responses, etc.)
SSL certificate registration data (fingerprints, hosts, domains, email, etc.)

Case: phishing attack by Cobalt

In December 2018, the Cobalt hacker group, which is known for targeting banks, sent out emails disguised as messages from the National Bank of Kazakhstan. If cybersecurity experts had not found the phishing emails and had not had an opportunity to carry out a comprehensive analysis of the malicious files, they could have created a graph based on the malicious domain nationalbank[.]bz, which the cybercriminals used. The graph would have immediately shown the links to other malicious domains and to the Cobalt cybercriminal group, revealing which files had already been used in earlier attacks.

Group-IB solutions with incorporated graph network analysis

Threat Intelligence: Attack attribution framework for analyzing and managing adversaries
Threat Detection System: Adversary-centric detection and proactive global threat hunting
