Threat intelligence

Threat Intelligence is the organized set of knowledge created and maintained by Yoroi on digital attacks and Indicators of Compromises (IoC). It contains information related to all the analysis carried out on a large number of sources such as (but not limited to): OSINT, Private Sources, Hidden Sources and Classified Sources. Each integrated source, classified, connected and finally indexed has a specific feature. OSINT sources have basic knowledge on the trend of known threats. It is important to understand how threats evolve over time and these information sources are able to best express the generic concept. The Private Sources contain information’s related to threats typically identified and blocked by Yoroi through its sensor network. The Hidden Sources contain little but valuable information related to the upcoming threats such as (but not limited to): the creation of a new version, the introduction of a new Packers into the market and / or the use of new tools to encrypt the callback traffic.

This carefully engineered, catalogued and indexed information is made available through a set of REST-full Public APIs fully integrated with third-party technologies such as: SIEM, SIEM +, Log Management and other threat analysis technologies. In order to integrate Yoroi's Threat Intelligence with internal tools to the organization, an SDK written in Python and / or Javascript / NodeJS is offered through which it is possible to automate simultaneous requests to the Public API.

The Threat Intelligence service in addition to the use of Public API offers a summary interface (on a monthly basis) of all threats in real time and a convenient search interface. The summary interface shows the following informations:

Which are the most affected types of business according to the Thomson Reuters standard classification, during the last month

Which are the main attacking nations and which the main victim nations, during the last month

What are the main threats, identified during the last month

This last information is very valuable for both Security Operation Centers analysts and for protection systems producers. Below are some examples of using the Yoroi Threat Intelligence.