The Dossier Threat Indicator Report

The Dossier Threat Indicator Report comprises a dozen or so smaller, self-contained reports, each focusing on a specific type of information reported in the main threat indicator report.

Image: A sample Dossier Summary Report page.

All available report types are listed in the left-hand column of the report page. The reports generated include the following:

  • Summary: The Dossier Summary report provides a comprehensive, one-page report summarizing the information obtained when conducting a threat indicator search on a threat indicator.

  • Impacted Devices: The Dossier Impacted Devices report provides a comprehensive, one-page report detailing impacted devices information obtained when conducting a threat indicator search on a threat indicator.

  • Current DNS: The Dossier Current DNS report provides a comprehensive, one-page report detailing current DNS information obtained when conducting a threat indicator search on a threat indicator.

  • Related Domains: The Dossier Related Domains report provides a comprehensive, one-page report detailing current related domains and subdomains information obtained when conducting a threat indicator search on a threat indicator.

  • Related URLs: The Dossier Related URLs report provides a comprehensive, one-page report detailing current related URLs information obtained when conducting a threat indicator search on a threat indicator.

  • Related IPs: The Dossier Related IPs report provides a comprehensive, one-page report detailing current related IPs information obtained when conducting a threat indicator search on a threat indicator.

  • Related File Samples: The Dossier Related File Samples report provides a comprehensive, one-page report detailing related file samples information obtained when conducting a threat indicator search.

  • Related Contacts: The Dossier Related Contacts report provides a comprehensive, one-page report detailing related contact information obtained from Whois data reported by DomainTools.

  • Reports: The Dossier Reports report provides a comprehensive, one-page report listing additional report information obtained when conducting a threat indicator search on a threat indicator.

  • Timeline: The Dossier Timeline report provides a comprehensive, one-page report detailing timeline information obtained from domain registration records.

  • Threat Actor: The Dossier Threat Actor report provides a comprehensive, one-page scorecard detailing threat actor information obtained when conducting a threat indicator search on a threat indicator.

  • MITRE ATT&CK: MITRE ATT&CK is a globally accessible knowledge base of adversarial tactics and techniques based on real-world observation.

  • WHOIS Record: The WHOIS Record displays location data for a registrant and for the host of a domain or IP address, including domain registration, hosting information, and the domain's creation, update, and expiry dates.

  • Raw Whois: The Dossier Raw WHOIS report provides a comprehensive, one-page report detailing raw WHOIS information that is obtained from the Whois record.

For more information on the Dossier Threat Research Report, refer to the online documentation available here.
