In this video, you will learn how to investigate an email address to gain more information about a threat actor.
In this exercise, you have been given a compromised device.
During your investigation, you isolated an email address as the source of the compromise.
You are tasked with investigating the email address to gain more information about the threat actor.
Using your credentials, log in to PassiveTotal: https://www.passivetotal.org/login
In the Discovery window, search for email@example.com. Now you can see all the domains that are associated with this email address. Notice that the red rows alert you to malicious search results confirmed by RiskIQ.
Now let’s pivot off the first listed domain. Right-click on the first entry, wada-arna.org, and open it in a new tab.
When we look at the results, we see that IP address 126.96.36.199 has been identified as suspicious. Note that IP addresses are marked only as suspicious because an IP address can be associated with multiple domains over time.
Now let’s examine the open source intelligence by clicking on the OSINT tab.
We see that there are many results from different sources. Let’s filter the results to show only the ones from the source ThreatConnect.
Now click on the link for the ThreatConnect source. Here we can see the open source intelligence linking this domain, wada-arna.org, to Fancy Bear, a Russian threat actor.
Now read the article to get more information about this threat actor.
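The caveat above, that an IP address can be associated with multiple domains over time, is why an IP pivot needs a time check before a co-hosted domain is treated as related. The following is an added example, not RiskIQ code or PassiveTotal output: the passive DNS records are constructed placeholders, and `overlap_days` and `pivot_on_ip` are hypothetical helper names.

```python
from datetime import date

# Constructed passive DNS records: (domain, ip, first_seen, last_seen).
# All names and addresses are placeholders from documentation ranges.
PDNS = [
    ("seed-domain.example", "192.0.2.10", date(2016, 8, 1), date(2016, 9, 15)),
    ("lookalike.example", "192.0.2.10", date(2016, 8, 20), date(2016, 10, 1)),
    ("old-tenant.example", "192.0.2.10", date(2014, 1, 5), date(2015, 3, 1)),
    ("next-tenant.example", "192.0.2.10", date(2016, 9, 16), date(2017, 1, 1)),
    ("seed-domain.example", "198.51.100.7", date(2016, 9, 16), date(2016, 12, 1)),
    ("cdn-customer.example", "198.51.100.7", date(2016, 11, 30), date(2017, 2, 1)),
]

def overlap_days(a_start, a_end, b_start, b_end):
    """Days two inclusive [first_seen, last_seen] windows share (0 if none)."""
    start, end = max(a_start, b_start), min(a_end, b_end)
    return (end - start).days + 1 if start <= end else 0

def pivot_on_ip(records, seed):
    """Classify domains that share an IP with `seed`.

    Returns (concurrent, historical). concurrent maps (domain, ip) to the
    number of days both resolved to that IP; historical is a sorted list of
    (domain, ip) pairs that used the same IP only at a different time.
    """
    seed_rows = [r for r in records if r[0] == seed]
    concurrent, historical = {}, set()
    for domain, ip, first, last in records:
        if domain == seed:
            continue
        for _, s_ip, s_first, s_last in seed_rows:
            if ip != s_ip:
                continue
            days = overlap_days(first, last, s_first, s_last)
            if days:
                concurrent[(domain, ip)] = concurrent.get((domain, ip), 0) + days
            else:
                historical.add((domain, ip))
    historical -= set(concurrent)  # any overlap outranks a stale sighting
    return concurrent, sorted(historical)

if __name__ == "__main__":
    concurrent, historical = pivot_on_ip(PDNS, "seed-domain.example")
    for (domain, ip), days in sorted(concurrent.items()):
        print(f"concurrent  {domain:22} {ip:14} {days} days")
    for domain, ip in historical:
        print(f"historical  {domain:22} {ip:14} no overlap")
```

Domains in the historical list shared the address before or after the seed domain did, so they are more likely earlier or later tenants of the IP than related infrastructure; a short overlap such as the two-day one is weak evidence without corroboration from WHOIS or OSINT.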
We hope you have enjoyed this video on how to investigate an email address to gain more information about a threat actor.
If you want to learn more about the products RiskIQ offers, visit us on the web at www.riskiq.com. For sales inquiries, you can call us at 1.888.415.4447 or email us at firstname.lastname@example.org