Intelligence Cards bundle essential information related to a specific investigation topic, like a technical indicator, malware family, or software vulnerability. Intelligence Cards are a starting point for triage, and are pivot points during an investigation.
Use the following links to learn more about Intelligence Cards for specific entity types:
- IP Address - individual IPs and IP ranges (CIDRs)
- Domain - Domains and DNS names for FQDNs, Name Servers, Mail Exchanges, etc.
- Hash - includes MD5, SHA-1 and SHA256 hashes
- Vulnerability - primarily CVE vulnerabilities from NIST NVD
- Malware
- Threat Actor
- Location - A specific city
- Company
- Facility
- Country
Recorded Future processes unstructured data from open web, technical web, dark web, expert research, and customer provided sources with machine learning and natural language processing techniques. While we have both rigorous automated and manual processes in place to ensure the highest quality threat intelligence, there may be small errors or misattributions in our intelligence cards. If you come across a data inaccuracy, help us improve the information by Requesting a Data Review and one of our expert researchers will conduct a review.
In order to request curation of an entity and make sure it is up to date with missing information, navigate to the Intelligence Card for that entity. Then click the 3 dots in the top-right, and click "Report Data Issue" > "Request Curation". Fill out any necessary fields and include additional information that could help us perform the curation.
If data is believed to be incorrect, you'd want to use the "Request Data Review" option, which will trigger further investigation and follow up.
In each request, please include as much information as possible about the request so that our expert researchers are able to focus their attention on the specific data element.