White Intel Knowledge Center
  • Getting Started
    • Quickstart
    • Getting an Account
    • Sign-in
  • Basics
    • Stealer Logs
    • Combolist Logs
    • Consumer Records
    • Corporate Records
  • WHITE INTEL USAGE
    • Dashboard
    • Global Search
    • Watchlists
    • Watchlist Events
  • Organization Settings
  • API Access
  • Webhooks (Incoming)
  • Purchasing Subscription
    • Researcher Subscription
    • Enterprise Subscription
    • Threat Intel Subscription
  • Frequently Asked Questions
    • FAQ
Powered by GitBook
On this page
  1. Frequently Asked Questions

FAQ

PreviousThreat Intel Subscription

Last updated 13 days ago

Ever since we have founded the WhiteIntel platform, these are the questions we get asked a lot by our customers. So we've decided to make a comprehensive list of common questions about our platform and answer them. Please do not hesitate to contact us at info@whiteintel.io if you have any further questions, we are always here to help! Q: How does WhiteIntel work? A: WhiteIntel continuously searches threat intelligence resources and acts as a database, indexing any and all recent infostealer logs and combolists shared by threat actors.

Q: What type of data leak sources does WhiteIntel monitor? A: WhiteIntel monitors both public and private telegram groups, discord channels, surface-web and dark-web forums and many other places for infostealer logs and combolists.

Q: How does real-time alerting work? A: WhiteIntel automatically ingests and indexes newly published infostealer logs and combolists. Based on the customer Watchlist rules, once a new information leak is identified customers are immediately alerted.

Q: How frequently does your threat intelligence database update? A: WhiteIntel database is updated on a 24/7 basis. This process is automated and as soon as a new leak is detected, it is uploaded to our database.

Q: Can I integrate WhiteIntel to my product via API ? A: Threat Intelligence license allows you to integrate WhiteIntel logs to your product via API and developer support is provided upon request.

Q: Can I provide service to my clients via WhiteIntel ? A: Yes, Threat Intelligence license allows cybersecurity companies to share data to their respective customers.

Q: Are Credentials on this platform unique? A: No. If an infostealer log is available on WhiteIntel, it means threat actors also have access to it.

Q: Can I request a Proof of Concept? A: Yes! Please reach out to info@whiteintel.io

Q: Can I pay with crypto currencies? A: No. Our company’s country of residence does not allow us to receive payments with crypto currencies.

Q: Why do you need KYC ? A: Due to the sensitive nature of intelligence provided, WhiteIntel has to conduct due diligence and make sure only authorized and reputable cybersecurity professionals have access to our platform.

Q: Can my or my client’s unmasked credentials be accessed on this platform? A: No. Company verification and KYC is required. However, since our logs are compiled and indexed from threat sources, chances are other people have already access to the credentials.

Q: What is the legality of this service? A: WhiteIntel acts as a database indexing service for infostealer and combolist leaks and we are not the primary source of the credentials provided. WhiteIntel strictly abides by the local laws and regulations concerning cybersecurity. Here is a fun read on the topic from NATO:

Q: Are you validating credentials? A: No, this would not be possible due to the legality of the service. We can not access third party applications. It is up to the customers to validate and conduct incident response to the reported credentials.

Q: Infostealer log shows incorrect date / a date in the future, is your platform broken? A: No, WhiteIntel acts as a database index, therefore incorrect dates are a result of incorrect time settings on the infected computer.

Q: What is the difference between Infostealer leaks and Combolist leaks?

  • Infostealer leaks : Infostealers are a type of malware that steals the usernames, emails and passwords that are stored within web browsers and sometimes password managers upon infecting victim computers.

  • Combolist leaks : Combolists are compiled from previous database breaches and infostealer logs and generally used with OpenBullet to infiltrate target web applications with username:password combination.

Q: Your platform has this credential but other platforms do not have it, what gives? A: Each threat intelligence platform has common and private log sources, so it is up to the customer to evaluate the best possible intelligence source. It is natural that some log types and credentials will show up in one platform but will not in the other.

Q: XYZ platform has this credential, but you don’t? A: WhiteIntel, we do our best to provide the most recent data leaks as quickly as possible so our customers can take preventative measures. For example, our platform is not concerned about some database leak from 2019 where an ex-employee has had a password leak. WhiteIntel ensures the information provided is actionable intelligence from most recent and up-to-date leaks, so older breaches may not show up on our platform.

https://ccdcoe.org/uploads/2020/05/CyCon_2020_4_Nweke_Wolthusen.pdf