
Feb 19, 2025
3.5.2
ThreatQ versions >= v5.20.0
Group-IB
Overview
Group-IB provides solutions for detecting and preventing cyberattacks and online fraud, and for IP protection.
The Group-IB CDF for ThreatQ provides the following feeds:
- GroupIB Compromised Account
- GroupIB Compromised Bank Card
- GroupIB Compromised Data Git Leaks
- GroupIB Compromised Data Mules
- GroupIB Compromised Data IMEI
- GroupIB Compromised IM Discord
- GroupIB Compromised IM Telegram
- GroupIB Compromised Masked Bank Card
- GroupIB Compromised Shops
- GroupIB Human Intelligence Threat
- GroupIB Human Intelligence Threat Actor
- GroupIB APT Threat
- GroupIB APT Threat Actor
- GroupIB Malware C2
- GroupIB Suspicious IP Open Proxy
- GroupIB Suspicious IP Socks Proxy
- GroupIB Suspicious IP VPN
- GroupIB Malware Configs
- GroupIB Suspicious IP Tor Node
- GroupIB Suspicious IP Scanner
- GroupIB Malware Report
- GroupIB Malware Signature
- GroupIB Malware YARA Rule
- GroupIB Malware Vulnerability
- GroupIB Attacks DDoS
- GroupIB Attacks Deface
- GroupIB Attacks Phishing
- GroupIB Attacks Phishing Group
- GroupIB Attacks Abuse Phishing Kit
- GroupIB OSI PublicLeak
- GroupIB IOC Common
Object types ingested from the feeds above include:
- Adversaries
- Asset
- Attack Patterns
- Compromised Accounts (custom object)
- Compromised Cards (custom object)
- Discord Channel (custom object)
- Identities
- Indicators
- Intrusion Sets
- IMEIs (custom object)
- Malware
- Money Mule (custom object)
- Organizations (custom object)
- Reports
- Signatures
- Telegram Channel (custom object)
- Tools
- Tags
- Vulnerabilities