The Dossier Threat Indicator Report

The Dossier Threat Indicator Report consists of a dozen or so smaller, self-contained reports, each focusing on a specific type of information reported in the main threat indicator report.

Image: A sample Dossier Summary Report page.

All available report types are listed in the left-hand column of the report page. The reports generated include the following:

  • Summary: The Dossier Summary report provides a comprehensive, one-page report summarizing the information obtained when conducting a threat indicator search.

  • Impacted Devices: The Dossier Impacted Devices report provides a comprehensive, one-page report detailing impacted devices information obtained when conducting a threat indicator search.

  • Current DNS: The Dossier Current DNS report provides a comprehensive, one-page report detailing current DNS information obtained when conducting a threat indicator search.

  • Related Domains: The Dossier Related Domains report provides a comprehensive, one-page report detailing information on current related domains and subdomains obtained when conducting a threat indicator search.

  • Related URLs: The Dossier Related URLs report provides a comprehensive, one-page report detailing information on current related URLs obtained when conducting a threat indicator search.

  • Related IPs: The Dossier Related IPs report provides a comprehensive, one-page report detailing information on current related IPs obtained when conducting a threat indicator search.

  • Related File Samples: The Dossier Related File Samples report provides a comprehensive, one-page report detailing related file samples information obtained when conducting a threat indicator search.

  • Related Contacts: The Dossier Related Contacts report provides a comprehensive, one-page report detailing related contact information obtained from WHOIS data reported by DomainTools.

  • Reports: The Dossier Reports report provides a comprehensive, one-page report listing additional report information obtained when conducting a threat indicator search.

  • Timeline: The Dossier Timeline report provides a comprehensive, one-page report detailing timeline information obtained from domain registration records.

  • Threat Actor: The Dossier Threat Actor report provides a comprehensive, one-page scorecard detailing threat actor information obtained when conducting a threat indicator search.

  • MITRE ATT&CK: MITRE ATT&CK is a globally accessible knowledge base of adversarial tactics and techniques based on real-world observation.

  • WHOIS Record: The WHOIS Record displays location data for a registrant and for the host of a domain or IP address, including domain registration, hosting information, and the domain's creation, update, and expiry dates.

  • Raw WHOIS: The Dossier Raw WHOIS report provides a comprehensive, one-page report detailing raw WHOIS information that is obtained from the WHOIS record.

For more information on the Dossier Threat Research Report, refer to the online documentation available here.