If you have questions about our reports or services please use the Contact Us page to get in touch. Thank you.
You’re a security researcher who wants to analyze case artifacts for learning and/or fun and is not doing so on behalf of an organization (see the next option). The following artifacts will be shared with the subscriber using our threat intelligence platform:
You’re an organization who uses our reports and/or artifacts for profit or you protect your organization using our work. This service covers security companies, security teams within companies, CERTs, governments, etc. Includes email Q&A as time permits. This tier receives access to all artifacts as well as our threat intelligence platform. If you need a receipt for this purchase please use the Contact Us page to get in touch.
If you are interested in a specific case please message us using Contact Us after signing up. Case numbers are located at the bottom of each report.
We track infrastructure related to Cobalt Strike, Qbot/Qakbot, PoshC2, Covenant, Metasploit, Empire, Meterpreter stagers and more using a variety of different methods. We are currently tracking over 1000 confirmed Cobalt Strike servers, 100+ Metasploit servers, 60+ PS Empire servers, 100+ Covenant servers and more.
This feed is made available using our threat intel platform which can be accessed via a GUI or API. The feeds can be exported to txt, csv, STIX, MISP, etc. as needed to import into your IDS, Firewall, and/or Threat Intelligence Platform. We can provide a script if needed to download the feed from our API.
This feed is billed at a yearly rate. Please Contact Us us for pricing and/or trial options.