Loading...
Loading...
Threat Intelligence Product
All intelligence content is fictional, redacted and defensive. No real credentials, stolen data, exploit instructions, malware links, payment information or private personal data is published. Threat intelligence items use mock data and redacted references only.
The threat intelligence product area provides actor tracking, campaign analysis, exposure monitoring and incident feeds. For threat intelligence news, visit News > Threat Intelligence. For the IOC database, visit IOC Alerts.
Feed Items
12
Critical
5
Active Campaigns
4
Tracked Actors
6
Active IOCs
15
DW Mentions
16
Latest threat feed
Full analyticsPhantom Crane infrastructure shift detected
Upgrade your plan to access this threat intelligence item.
SilkGate Broker advertising VPN access to healthcare networks
Upgrade your plan to access this threat intelligence item.
Top threat profiles
All profilesVoidLock Collective
Ransomware operation targeting healthcare and manufacturing with double-extortion tactics.
7 related itemsPhantom Crane
APT group focused on defense and telecom espionage with web shell persistence.
6 related itemsRansomware + IAB Convergence
Blended profile tracking the intersection of initial access brokers and ransomware operators.
6 related itemsOperation BlackHarvest
Exposure monitoring
Full monitorDark web brand mention: fictional fintech
Multiple references to a fictional fintech brand appeared across monitored mock forum channels. Mentions discuss alleged internal tooling exposure.
Credential claim: fictional cloud provider
Mock forum post claims harvested credentials from a fictional cloud hosting provider's customer support portal. Unverified claim.
Access broker listing: fictional manufacturing VPN
Mock forum listing offers VPN access to a fictional manufacturing company. Claims domain admin level access.
Recent incidents
All incidentsRansomware incident: fictional hospital network
VoidLock claims encryption of fictional hospital network systems. Patient scheduling and administrative systems affected in mock scenario. No patient care systems impacted.
DDoS claim: fictional government portal
DataFreedom Alliance claims DDoS attack against a fictional government services portal. Duration estimated at 4 hours. Portal availability was temporarily degraded in the mock scenario.
Fraud campaign: mock payment redirect scheme
Phishing campaign uses mock payment redirect pages mimicking a fictional e-commerce checkout. Targets consumer payment card data through social engineering.
Threat intel briefs
Explore threat intelligence
Overview
TI Analytics
Threat intelligence analytics with actor, campaign, IOC and exposure metrics.
Announcements
Platform announcements, intelligence advisories and feature releases.
IOC Alerts
Indicator of compromise database with enrichment, confidence scoring and defensive guidance.
Actors & Malware
Exposure Monitoring
Active double-extortion ransomware campaign targeting healthcare through access broker partnerships.