Security Intelligence Services
Use registration-based correlation to expand your knowledge of the adversary
Thousands of times a day, domains are bought and transferred between individuals, and domain registrants must provide information about themselves when registering one. This information gets stored in a WHOIS record associated with the domain.
WHOIS is a protocol that lets anyone query for ownership information about a domain, IP address, or subnet. RiskIQ has a vast repository of WHOIS data, which is available to query for registrant information.
Attackers need to establish infrastructure from which to conduct their attacks and communicate with their malware. Attackers often register multiple domains at the beginning of an attack campaign for use during all phases of their operations.
WHOIS data can provide an organization with insight into who is behind an attack campaign. Using domain registration information, an organization can unmask an attacker’s infrastructure by linking a suspicious domain to other domains registered using the same or similar information.
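The linking step described above, as an added example (not RiskIQ code and not the PassiveTotal API): it normalizes registrant values so the same or similar information compares equal, then groups domains that share any value, directly or through another domain. The record layout, the sample registrations and the privacy-proxy ignore list are assumptions made for illustration.

```python
import re
from collections import defaultdict

# Constructed sample registrations (not real WHOIS data); field names are assumed.
RECORDS = [
    {"domain": "login-portal.example", "email": "J.Smith@mail.example", "phone": "+1.5550100"},
    {"domain": "update-cdn.example", "email": "j.smith@mail.example ", "phone": "+1.5550199"},
    {"domain": "files-sync.example", "email": "ops@other.example", "phone": "+1 555-0199"},
    {"domain": "shop.example", "email": "proxy@privacy.example", "phone": "+1.5550000"},
    {"domain": "blog.example", "email": "proxy@privacy.example", "phone": "+1.5550000"},
]
# Assumed ignore list: values a privacy service shares across unrelated customers.
PRIVACY_VALUES = {("email", "proxy@privacy.example"), ("phone", "15550000")}

def normalize(field, value):
    """Reduce formatting differences so similar registrant values compare equal."""
    value = value.strip().lower()
    if field == "phone":
        return re.sub(r"\D", "", value)  # keep digits only
    return re.sub(r"\s+", " ", value)

def pivot_index(records, ignore=PRIVACY_VALUES):
    """Map each (field, normalized value) to the domains registered with it."""
    index = defaultdict(set)
    for rec in records:
        for field, raw in rec.items():
            key = (field, normalize(field, raw))
            if field != "domain" and key[1] and key not in ignore:
                index[key].add(rec["domain"])
    return index

def cluster(records, ignore=PRIVACY_VALUES):
    """Group domains linked directly or transitively by a shared registrant value."""
    parent = {rec["domain"]: rec["domain"] for rec in records}
    def find(d):
        while parent[d] != d:
            parent[d] = parent[parent[d]]  # path halving
            d = parent[d]
        return d
    for domains in pivot_index(records, ignore).values():
        first, *rest = sorted(domains)
        for other in rest:
            parent[find(other)] = find(first)
    groups = defaultdict(set)
    for d in parent:
        groups[find(d)].add(d)
    return sorted((sorted(g) for g in groups.values()), key=lambda g: (-len(g), g))

if __name__ == "__main__":
    print(cluster(RECORDS))
```

Calling `cluster(RECORDS, ignore=set())` merges the two privacy-proxied domains into one group, which is why values shared by a proxy service have to be excluded before pivoting.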
Interested in enhancing and enriching your organization’s security operations and incident response activity even further? Then check out:
RiskIQ’s PassiveTotal API