Threat Intelligence is the organized body of knowledge created and maintained by Yoroi on digital attacks and Indicators of Compromise (IoC). It contains information from all the analyses carried out on a large number of sources, such as (but not limited to) OSINT, Private Sources, Hidden Sources and Classified Sources. Each source is integrated, classified, connected and finally indexed, and each has a specific characteristic. OSINT sources provide basic knowledge about the trend of known threats: it is important to understand how threats evolve over time, and these sources best express that general picture. Private Sources contain information related to threats typically identified and blocked by Yoroi through its sensor network. Hidden Sources contain little but valuable information related to upcoming threats, such as (but not limited to) the creation of a new version, the introduction of a new packer into the market and/or the use of new tools to encrypt callback traffic.
In addition to the Public API, the Threat Intelligence service offers a summary interface (on a monthly basis) of all threats in real time and a convenient search interface. The summary interface shows the following information:
Which types of business were most affected during the last month, according to the Thomson Reuters standard classification
Which are the main attacking nations and which are the main victim nations during the last month
Which are the main threats identified during the last month
This last piece of information is very valuable both for Security Operations Center analysts and for producers of protection systems. Below are some examples of using Yoroi Threat Intelligence.