
4iQ IDHunt™ Core Datasheet 

Discover Criminal Activities, Accelerate Investigations & Unmask Cybercriminals

If you are conducting complex cyber-crime investigations, you know how difficult it can be to identify threat actors due to the multiple layers of purposeful misdirection. Pseudonyms, anonymity tools, and other evasive tactics make solving cases difficult and time-consuming.

4iQ IDHunt™ Core is an easy-to-use SaaS application that enables you to quickly connect information within your case files to exposed identity information within the 4iQ IDLake™.

4iQ IDLake™ is a proprietary data lake with tens of billions of identity records and credentials from transient, historical and newly surfaced breach corpuses.

The platform includes additional, rich investigative data sources that further connect criminal tools, tactics and procedures (TTPs).

Fig. 1 IDHunt Core™ Investigative Data Sources 

 

Fig. 2 Alphabay investigation 

4iQ IDHunt™ Core provides context to threat actors, revealing their real identities, cohorts and criminal rings. Follow digital footprints to solve cases faster and more accurately than ever before possible.

In the example on the left, IP addresses, domains, phone numbers and passwords connect the dots to find that Alexandre Cazes and Pimp_Alex_91 are the same person.

® 2020 4iQ, Inc. All rights reserved.


Enrich Your Cases with New, Unique Investigative Data 

4iQ IDLake™ ➢ Discover hidden activities and real identities of malicious actors.

Dark Marketplaces ➢ Reveal intent and activity within underground marketplaces and forums.

Cryptocurrency Addresses ➢ Connect malicious addresses and transactions to real identities.

Phishing Data ➢ Connect emails, domains and IPs to phishing campaigns.

Passive DNS / DNS lookup ➢ Extract identifying information related to malicious domains & IP addresses in DNS records.

Human Trafficking Data ➢ Connect human trafficking data to individuals or businesses.

Domain Specific Data ➢ Use historical domain ownership data and records to identify shell companies, ring activity or malicious associations.

Pastebin Documents ➢ Plain text sharing site includes leaked data, malware, stolen passwords and provides context to activities, motivations and intent.

Social Profiles ➢ View past and present social profile activity and community affiliations revealing alternate personas.

Your search engine for investigations.

How it Works:

1) START YOUR SEARCH 

Search and pivot on attributes to identify further information that will build and enrich your investigations.

Enter an asset (email, moniker, phone number) or term into the IDHunt Core™ search bar. Just like any search engine, all related results will be immediately returned with exposed identity attributes such as emails, usernames, passwords, IP addresses, phone numbers, BTC addresses and wallets, along with breach information (date and description).

Depending on the use case, filter results by identity, document leaks, domains, cryptocurrency addresses and wallets, Dark Marketplaces or malicious sites. Exact, partial or “fuzzy” searches allow you to control the types of results returned.

Fig. 3 IDHunt Core™ Query Search Bar.

Search across 26+ identifiers, including full names, monikers/usernames, emails, passwords, phone numbers, home/work addresses, social security/IBAN numbers, driver’s license #’s, passport #’s, birth dates, income tax #’s, bank account #’s, Member IDs, credit card #’s, expiration dates, CVV #’s, cryptocurrency Bitcoin addresses, Bitcoin amounts, and more.


2) PIVOT AND ENRICH INVESTIGATIVE DATA FOR NEW INTELLIGENCE AND REAL IDENTITIES. 

It’s not just about transactional data or information within your case files. We enrich your data with ‘hidden’ information, revealing indicators of nefarious activities and identities that would otherwise appear legitimate.

The example on the right shows how IDHunt™ Core can reveal malicious activity associated with a single Bitcoin Address entered into the search bar, surfacing alternate identity information, and additional clues and attributes that further the investigation.

Fig. 4 IDHunt Core™ Malicious Breach Data Discovery

  

Fig. 5 IDHunt Core™ Actor Profile 

Delve deeper into your investigations with rich identity data. Simply right-click on an attribute to pivot and enrich findings from standard search engines, Pastebin documents, domain WHOIS data, social profiles, and other 4iQ sources, and click to other open source data and reverse IP lookups.

Correlate passwords to reveal additional accounts that may be related. Investigate domains to see which breaches they have been exposed in. View identity attributes aggregated and displayed in your Active Path in your investigation. View automatically generated actor profiles containing all attributes associated with the individual.

 

 

“It took two agents using 4iQ IDHunt™ Core one day to create a usable persona map versus 70 analysts about three months to build a comparable intel package for the same mission.”

- Information Security Officer, Intel Agency 

 

 

 

 

 


3) GRAPH RESULTS BY MALICIOUS IDENTITIES OR BREACHES  

A single actor analysis can require hundreds of pivots. The application automatically generates very large graphs and a malicious score to help analysts assess profiles in seconds. Simply right-click on an email or username to instantly generate graphs.

4iQ IDHunt™ Core provides two types of graphs:  

Maliciousness Graph (with score): provides automatic identity resolution and malicious scoring to help analyze very large graphs in seconds. The malicious score indicates the level of associated malicious activity (e.g., hacking, money laundering) along with the confidence level that the associated entity is the same as the entity being investigated.

Identities Graph (with score): provides a view by breach and expands related nodes with a click of a button.

4) LINK CRYPTOCURRENCY TO CYBER CRIMINALS AND THREAT ACTORS  

 

Link malicious cryptocurrency addresses and clusters to identity attributes from data breaches archived within the 4iQ IDLake™ to uncover the real identity behind nefarious activity associated with the Bitcoin addresses.

 

 

“We were able to solve a fraud case identifying criminals attacking our bank in just a few hours using IDHunt™ Core that we were not previously able to crack using three other vendor solutions for over three months.”

- Fraud Analyst, Multi-national Bank 

 

 


 

Key Features 

4iQ IDHunt™ Core enables investigators to explore and analyze rich data sets to speed investigations and prove malicious intent, activities and identities of cyber criminals.

   

  

 

 

Targeted Threat Analysis 

Instead of searching for a needle in a haystack, investigators start with clues they already have - and search the 4iQ IDLake™ and other data sources to begin making connections.

Accelerate Findings 

4iQ has spent years verifying and curating billions of identity records and relevant intelligence, so that you can solve cases faster and more effectively - sometimes within a matter of hours.

   

AI/ML & Analytics 

A single actor analysis can require hundreds of pivots. With 4iQ IDHunt Core™, you can automatically connect the dots, generate graphs and calculate maliciousness scores in seconds.

No Training Required 

The 4iQ IDHunt Core™ SaaS application is simple. Using an intuitive interface, investigators can search and immediately start seeing results with no prior training.

  

“It took us over 14 months to find this bad actor which, with 4iQ IDHunt Core, took only 5 minutes.”

- Fraud Analyst, Top Tier Bank 

 


USE CASES

4iQ IDHunt™ Core provides actionable identity-based intelligence leading to more cases solved efficiently and effectively. The SaaS application exponentially increases analyst and investigator productivity and requires little training. It helps deliver timely Suspicious Transaction Reports (STR) and Suspicious Activity Reports (SAR) enriched with information needed to disrupt and deter crime.

Customer Due Diligence (CDD), Anti-Money Laundering (AML) & Cryptocurrency-based Investigations 

Quickly extract curated insights from exclusive or rare identity-based intelligence with other relevant investigative data to accelerate the validation process and verify the true character of potential clients and their business associates. 4iQ IDHunt™ Core can map malicious networks, criminal identities and their hidden actions to cryptocurrency addresses, helping you solve cases faster while providing rich detailed information in SARs. The platform provides an easier, effective way to identify potentially fraudulent accounts and stop illegal activities.

Identity-based Fraud Investigations 

Helps leaders of fraud or hybrid teams in large financial institutions investigate compromised banking credentials and determine identities and associations of persistent threat actors and criminal groups perpetrating large-scale fraud-related cyber activity. IDHunt™ Core can help understand the human behind the act, leveraging identity intelligence to gain context on the intent to prove or disprove your fraud theory and expedite cases with fewer investigators.

Cyber Crime Investigations, Counter-Terrorism Financing (CTF) 

Purpose-built for hunting threat actors, correlating digital footprints with unique contextual identity data to accelerate investigations. Quickly build a persona map on adversaries in a fraction of the time it normally takes with fewer analysts, leveraging unique and difficult-to-obtain identity intelligence with your case file data. Unmask real identities and networks behind suspicious transactions (including cryptocurrency transactions). Additionally, identify and investigate suspicious personnel and uncover nefarious activities, including illicit activity and leaked proprietary documents through dark web sales and trades.

“There’s always a real person behind an attack and organizations need to make a shift to catching the culprit and their cohorts rather than playing the unending game of defensive whack-a-mole.”

- CISO, Global Bank 

 

Learn: www.4iq.com  Connect: [email protected]  Connect: @4iQ 
