Hash Intel Cards (aka Hash Cards) provide an on-demand summary of essential information related to a specific Hash, and are updated in real time as Recorded Future collects new information. You can use Hash Cards as a starting point when assessing whether observation of a given Hash in a specific context is an Indicator of Compromise, and further can be used in security control rules to block or detect incidents. Hash Cards are also pivot points during investigations that start with another indicator, a malware tool, a vulnerability, or a threat actor.
Descriptions of several common components of the Hash Card are found in the Overview of Intel Cards; the details below are specific to the Hash Card:
Hash Card: Risk Scoring
Hash Risk Scores distinguish malicious file hashes from web reporting on hashes used for other technical purposes: passwords, digital fingerprints, certificates, etc. The risk rules for Hashes currently do not have an age out criteria. Once scored as malicious, a Hash will remain permanently malicious.
Hash Cards provide full transparency, sourcing all of the evidence behind a Risk Score.
Intelligence Partner Extensions
Extensions are integrations that enhance Hash Cards with content from our Intelligence Partners. Click here to learn more. We also have training page specific to the extensions available on a Hash Card.