Graph Network Analysis

Automated graph network analysis system for cybercrime investigations, threat attribution, detection of phishing & fraud

Establishing links between cybercriminal groups, phishing attacks, botnets, and fraudulent transactions

Significantly increased rate of successful investigations

Detection of malicious domains and files within seconds

Network graph use cases

Fast cybercrime investigations

Network infrastructure analysis helps to identify cybercriminals' legitimate projects and contact details linked to their real identities

Proactive phishing hunting

All resources connected to a fraudulent resource or phishing attack can be scanned for similar content to enhance detection

Global threat hunting

Exposure of the attacker's infrastructure, both active and hidden, as well as infrastructure at the attack preparation stage

Search for backends

Find servers hidden behind proxy services to identify the real hosting provider

Key users of graph analysis

SOC/CERT analysts
Threat Researchers
Threat Intelligence & Attribution analysts
Digital Forensics specialists

Search data

Domain registration data
DNS – domain records, files, profiles, tags
Backend servers hidden by proxies
Service banners (domains, redirections, error codes)
Hidden registration data (IDs, hosting providers)
History of registration data, hosting-related transfers, set of services
Service fingerprints on IP addresses (cryptography, cookies, unique responses, etc.)
SSL certificate registration data (fingerprints, hosts, domains, email, etc.)

Case: phishing attack by Cobalt

In December 2018, the Cobalt hacker group, which is known for targeting banks, sent out emails disguised as messages from the National Bank of Kazakhstan. Even if cybersecurity experts had not found the phishing emails and had not had an opportunity to carry out a comprehensive analysis of the malicious files, they could have created a graph based on the malicious domain nationalbank[.]bz, which the cybercriminals used. The graph would have immediately shown the links to other malicious domains and to the Cobalt cybercriminal group, revealing which files had already been used in earlier attacks.

Group-IB solutions with incorporated graph network analysis

Threat Intelligence & Attribution: Attack attribution framework for analyzing and managing adversaries
Threat Hunting Framework: Adversary-centric detection and proactive global threat hunting
