Threat Command / Feb 28, 2024

New

  • Darkfeed.io source added to the Trusted Sources in ransomware blogs: Darkfeed.io is now searchable in Intellifind. You can search using url.domain:darkfeed. Each document contains the following fields:
    • Company - The victim entity
    • Company Domain - The victim entity website
    • Sector - The victim sector of operation
    • Country - The victim country
    • Image - A link to the attack announcement
    • Attacking Group - For example, Lockbit (same as author)
    • Link - A link to the source (same as the source in the result heading)
  • RAMP forum added to Darkweb sources: RAMP forum (previously Payload.bin) is now being monitored by Threat Command. Since 2021 it has become a major hub for cybercriminals, especially in ransomware, under Babuk ransomware group leadership. Despite facing challenges, it attracts over 14,000 members, offering illicit services and data with strict registration criteria.
  • InsightVM multi-tenancy: We now support multiple InsightVM instances for the same account in Vulnerability Risk Analyzer (VRA).
  • Botnets password leakage hashed for PII compliance: Rapid7 encrypts passwords originating from botnets because this data is checked for the company's users’ credentials. Because the information pertains to the customer but is not directly owned by them, Rapid7 encrypts the passwords to prevent the disclosure of Personally Identifiable Information (PII).

Improved

  • Russian Market scraping infrastructure: Rapid7 has matched its scraping capabilities with those required by the Russian Market source.