4iQ IDHunt™ Core Datasheet
Discover Criminal Activities, Accelerate Investigations & Unmask Cybercriminals
If you are conducting complex cyber-crime investigations, you know how difficult it can be to identify threat actors due to the multiple layers of purposeful misdirection. Pseudonyms, anonymity tools, and other evasive tactics make solving cases difficult and time-consuming.
4iQ IDHunt™ Core is an easy-to-use SaaS application that enables you to quickly connect information within your case files to exposed identity information within the 4iQ IDLake™.
4iQ IDLake™ is a proprietary data lake with tens of billions of identity records and credentials from transient, historical and newly surfaced breach corpuses.
The platform includes additional, rich investigative data sources that further connect criminal tools, tactics and procedures (TTPs).
Fig. 1 IDHunt Core™ Investigative Data Sources
Fig. 2 Alphabay investigation
4iQ IDHunt™ Core provides context to threat actors, revealing their real identities, cohorts and criminal rings. Follow digital footprints to solve cases faster and more accurately than ever before possible.
In the example on the left, IP addresses, domains, phone numbers and passwords connect the dots to find that Alexandre Cazes and Pimp_Alex_91 are the same person.
® 2020 4iQ, Inc. All rights reserved. 1
Enrich Your Cases with New, Unique Investigative Data
4iQ IDLake™ ➢ Discover hidden activities and real identities of malicious actors.
Dark Marketplaces ➢ Reveal intent and activity within underground marketplaces and forums.
Cryptocurrency Addresses ➢ Connect malicious addresses and transactions to real identities.
Phishing Data ➢ Connect emails, domains and IPs to phishing campaigns.
Passive DNS / DNS lookup ➢ Extract identifying information related to malicious domains & IP addresses in DNS records.
Human Trafficking Data ➢ Connect human trafficking data to individuals or businesses.
Domain Specific Data ➢ Use historical domain ownership data and records to identify shell companies, ring activity or malicious associations.
Pastebin Documents ➢ Plain text sharing site includes leaked data, malware, stolen passwords and provides context to activities, motivations and intent.
Social Profiles ➢ View past and present social profile activity and community affiliations revealing alternate personas.
Your search engine for investigations.
How it Works:
1) START YOUR SEARCH
Search and pivot on attributes to identify further information that will build and enrich your investigations.
Enter an asset (email, moniker, phone number) or term into the IDHunt Core™ search bar. Just like any search engine, all related results will be immediately returned with exposed identity attributes such as emails, usernames, passwords, IP addresses, phone numbers, BTC addresses and wallets, along with breach information (date and description). Depending on the use case, filter results by identity, document leaks, domains, cryptocurrency addresses and wallets, Dark Marketplaces or malicious sites. Exact, partial or “fuzzy” searches allow you to control the types of results returned.
Fig. 3 IDHunt Core™ Query Search Bar.
Search across 26+ identifiers, including full names, monikers/usernames, emails, passwords, phone numbers, home/work addresses, social security/IBAN numbers, driver’s license #’s, passport #’s, birth dates, income tax #’s, bank account #’s, Member IDs, credit card #’s, expiration dates, CVV #’s, cryptocurrency Bitcoin addresses, Bitcoin amounts, and more.
2) PIVOT AND ENRICH INVESTIGATIVE DATA FOR NEW INTELLIGENCE AND REAL IDENTITIES.
It’s not just about transactional data or information within your case files. We enrich your data with ‘hidden’ information, revealing indicators of nefarious activities and identities that would otherwise appear legitimate.
The example on the right shows how IDHunt™ Core can reveal malicious activity associated with a single Bitcoin Address entered into the search bar, surfacing alternate identity information, and additional clues and attributes that further the investigation.
Fig. 4 IDHunt Core™ Malicious Breach Data Discovery
Fig. 5 IDHunt Core™ Actor Profile
Delve deeper into your investigations with rich identity data. Simply right-click on an attribute to pivot and enrich findings from standard search engines, Pastebin documents, Domain WhoIs data, social profiles, and other 4iQ sources, and click to other open source data and reverse IP lookups.
Correlate passwords to reveal additional accounts that may be related. Investigate domains to see which breaches they have been exposed in. View identity attributes aggregated and displayed in your Active Path in your investigation. View automatically generated actor profiles containing all attributes associated with the individual.
“It took two agents using 4iQ IDHunt™ Core one day to create a usable persona map versus 70 analysts about three months to build a comparable intel package for the same mission.”
- Information Security Officer, Intel Agency
3) GRAPH RESULTS BY MALICIOUS IDENTITIES OR BREACHES
A single actor analysis can require hundreds of pivots. The application automatically generates very large graphs and a malicious score to help analysts assess profiles in seconds. Simply right-click on an email or username to instantly generate graphs.
4iQ IDHunt™ Core provides two types of graphs:
Maliciousness Graph (with score): provides automatic identity resolution and malicious scoring to help analyze very large graphs in seconds. The malicious score indicates the level of associated malicious activity (e.g., hacking, money laundering) along with the confidence level that the associated entity is the same as the entity being investigated.
Identities Graph (with score): provides a view by breach and expands related nodes with a click of a button.
4) LINK CRYPTOCURRENCY TO CYBER CRIMINALS AND THREAT ACTORS
Link malicious cryptocurrency addresses and clusters to identity attributes from data breaches archived within the 4iQ IDLake™ to uncover the real identity of nefarious activity associated with the Bitcoin addresses.
“We were able to solve a fraud case identifying criminals attacking our bank in just a few hours using IDHunt™ Core that we were not previously able to crack using three other vendor solutions for over three months.”
- Fraud Analyst, Multi-national Bank
Key Features
4iQ IDHunt™ Core enables investigators to explore and analyze rich data sets to speed investigations and prove malicious intent, activities and identities of cyber criminals.
Targeted Threat Analysis
Instead of searching for a needle in a haystack, investigators start with clues they already have - and search the 4iQ IDLake™ and other data sources to begin making connections.
Accelerate Findings
4iQ has spent years verifying and curating billions of identity records and relevant intelligence, so that you can solve cases faster and more effectively, sometimes within a matter of hours.
AI/ML & Analytics
A single actor analysis can require hundreds of pivots. With 4iQ IDHunt Core™, you can automatically connect the dots, generate graphs and calculate maliciousness scores in seconds.
No Training Required
The 4iQ IDHunt Core™ SaaS application is simple. Using an intuitive interface, investigators can search and immediately start seeing results with no prior training.
“It took us over 14 months to find this bad actor which, with 4iQ IDHunt Core, took only 5 minutes.”
- Fraud Analyst, Top Tier Bank
USE CASES
4iQ IDHunt™ Core provides actionable identity-based intelligence leading to more cases solved efficiently and effectively. The SaaS application exponentially increases analyst and investigator productivity and requires little training. It helps deliver timely Suspicious Transaction Reports (STR) and Suspicious Activity Reports (SAR) enriched with information needed to disrupt and deter crime.
Customer Due Diligence (CDD), Anti-Money Laundering (AML) & Cryptocurrency-based Investigations
Quickly extract curated insights from exclusive or rare identity-based intelligence with other relevant investigative data to accelerate the validation process and verify the true character of potential clients and their business associates. 4iQ IDHunt™ Core can map malicious networks, criminal identities and their hidden actions to cryptocurrency addresses, helping you solve cases faster while providing rich, detailed information in SARs. The platform provides an easier, more effective way to identify potentially fraudulent accounts and stop illegal activities.
Identity-based Fraud Investigations
Helps leaders of fraud or hybrid teams in large financial institutions investigate compromised banking credentials and determine identities and associations of persistent threat actors and criminal groups perpetrating large-scale fraud-related cyber activity. IDHunt™ Core can help you understand the human behind the act, leveraging identity intelligence to gain context on the intent to prove or disprove your fraud theory and expedite cases with fewer investigators.
Cyber Crime Investigations, Counter-Terrorism Financing (CTF)
Purpose-built for hunting threat actors, correlating digital footprints with unique contextual identity data to accelerate investigations. Quickly build a persona map on adversaries in a fraction of the time it normally takes with fewer analysts, leveraging unique and difficult-to-obtain identity intelligence with your case file data. Unmask real identities and networks behind suspicious transactions (including cryptocurrency transactions). Additionally, identify and investigate suspicious personnel and uncover nefarious activities, including illicit activity and leaked proprietary documents through dark web sales and trades.
“There’s always a real person behind an attack and organizations need to make a shift to catching the culprit and their cohorts rather than playing the unending game of defensive whack-a-mole.”
- CISO, Global Bank
Learn: www.4iq.com Connect: [email protected] Connect: @4iQ