Threat Services – Security Research – Threat Analysis

Artifacts – Security Researcher

You’re a security researcher who wants to analyze case artifacts for learning and/or fun and are not doing so on behalf of an organization. This service includes access to all artifacts and IOCs from our environments as well as access to our threat intelligence platform.

Security Researcher use

Artifacts – Organization

This includes everything from the above service (ransomware files, webshells, beacons, PCAPs, Sysmon/event logs, memory images, etc.) but for organizations. This includes reported and unreported cases, and access to artifacts and threat intel from our environments. This service also includes access to the TIP’s API to pull IOCs/events. Includes email Q&A as time permits.

Internal use

Threat Feed

We track infrastructure related to Cobalt Strike, BazarLoader, Qbot, PoshC2, Covenant, Metasploit, Empire, Meterpreter stagers and more.

This threat feed is made available through our threat intel platform (MISP), which can be accessed via web, API, or MISP Sync. The feeds can be exported to txt, csv, STIX, MISP, etc. as needed to import into your IDS, SIEM, etc. We can provide a script (PowerShell or Bash) if needed to download the feed from the API.

We have two options for this service: internal use and commercial/multi-org use. Please Contact Us for pricing and/or questions.

All Intel

This service includes all of the above plus long-term infrastructure, Threat Feed IPs and ports, Cobalt Strike config & beacons, APT and Red Team tracking, OSINT linking, malware tagging, ransomware association, and other curated intel. This service also comes with a YARA and Sigma ruleset.

We have two options for this service: internal use and commercial/multi-org use. Please Contact Us for pricing and/or questions.