What's new

Kaspersky Threat Intelligence Portal offers the following features and enhancements.

Release 06.2024

• Dynamic scanning update:
  • The dynamic scanning technology has been updated to Kaspersky Research Sandbox 2.3.

    This upgrade will enhance detection accuracy, improve countermeasures against anti-evasion techniques, and increase overall service reliability through internal enhancements.

• Kaspersky TAXII Server Demo Access:
  • Demo access to the Kaspersky TAXII Server is now available for registered users of the portal with a dedicated token. This access allows the use of Demo TAXII collections in STIX format (TAXII_Demo_*_Data_Feed via taxii.tip.kaspersky.com), leveraging all integration benefits, including using the OpenCTI platform connector. Please see the connector readme for more information. The TAXII Demo collections have the same types of indicators as the existing Demo Data Feeds in JSON format.
• Minor UI improvements:
  • User awareness of detection categories has been enhanced.
  • The portal logo has been updated.
• Minor bugfix.
• Improved SEO performance.
• Documentation enhancement.

Release 08.2023

• The Portal is now optimized for mobile devices. You can start an investigation using your mobile device or tablet: submit files to Sandbox, lookup hashes, IP addresses, domains, web addresses, and view a worldwide cybermap showing threats around the globe.
• COVID-19-related phishing threats are replaced with a set of Demo Threat Data Feeds, which is available at the bottom of the main page. Demo Thread Data Feeds now include the following:
  • Demo IP Reputation Data Feed
  • Demo Botnet C&C URL Data Feed
  • Demo Malicious Hash Data Feed
  • Demo APT Hash Data Feed
  • Demo APT IP Data Feed
  • Demo APT URL Data Feed
  • Demo Suricata Rules Data Feed
• When sending an object to reanalysis, the email address that you used to sign in to the Portal is now filled automatically.
• A dark theme option has also been added to the web interface. You can now switch between the current bright mode and a dark alternative, either to improve visibility in dim light or for purely aesthetic reasons.
• Minor bugfix.
• Documentation enhancement.

Release 09.2022

• Kaspersky has introduced a worldwide cybermap to graphically display information about global cyber-attacks and the top threats in each country. Users can also specify a threat type or time period to visualize statistical data.
• The Lookup tab has been extended to support Compromised and Spam categories for IP addresses:
  • Compromised IP addresses are usually legitimate, but infected or compromised at the moment of the lookup request.
  • Spam IP addresses are used to send spam emails.
• The Lookup tab now also supports Compromised categories for domains and web addresses. Similar to IP addresses, these resources are usually legitimate, but infected or compromised at the moment of the lookup request.
• RESTful API quotas have been extended from 200 to 2000 requests per day, allowing users to check a greater number of objects considered as suspicious in automated mode.
• The web interface has also been enhanced and redesigned to ensure a smooth user experience.
• Minor bugfix.
• Documentation enhancement.

Release 11.2020

• The web interface is updated to ensure a smooth user experience as new features are introduced.
• More detailed information on submitted files through their static analysis is added. It provides data on the Portable Executable (PE) files structure and extracted strings. The PE format relates to files running on Windows and contains information on how the operating system should execute their code. Based on the results of the analysis, security researchers can identify the object’s functionality and, as long as it has non-typical artifacts, reveal its harmful potential, even if the malware was previously unknown. The results can also be used to create indicators of compromise, detection heuristics, and rules.
• Behavior detection technology is now added to our multi-layered detection approach as one of the most efficient ways to detect advanced threats like fileless malware, ransomware, and zero-day malware.
• New privileged features for registered users through free community access are introduced:
  • An ability to connect applications with the service via the RESTful API, to automate requests for checking dangerous objects, and get query results in the form of a JSON file and without visiting the web service.
  • Receive a limited number of full reports on either a file’s or web address’s behavior by using Kaspersky Cloud Sandbox to get an understanding on the full file’s activities; and events happening on a certain web page, such as downloads, and JavaScript, Adobe Flash execution.
  • To increase privacy, a special submission mode that enables file or indicators checking in a way that the results are not available to others until they submit an object themselves.
  • The full history of searches (both private and public).

Release 07.2020

• Russian localization of Kaspersky Threat Intelligence Portal and Help is now available.

Release 06.2020

• You can now send objects to Kaspersky experts for analysis result re-validation.

Page top