KELA Technical Cybercrime Intelligence
Date: 2025-12-23
KELA Technical Cybercrime Intelligence Description
KELA Technical Cybercrime Intelligence provides automated detection and monitoring of potentially compromised IP addresses and domains involved in cybercrime activity. The service collects intelligence from closed forums, illicit markets, automated cybercrime shops, and instant messaging channels used by criminals. The platform analyzes collected data to detect potentially compromised assets based on context and source credibility.

Detected assets are normalized and shared via API in a structured, machine-readable format that includes STIX properties. Organizations can integrate this intelligence into security appliances to monitor or block access to compromised network infrastructure. The service provides real-time updates on compromised IPs and domains mentioned in cybercrime activity. Each threat includes contextual information about the intelligence source and how the asset was compromised. The intelligence can be used to identify network assets that may be exploited as attack infrastructure or attack vectors, such as command and control servers or phishing infrastructure.

The platform continuously collects posts, images, and other information in various formats from the cybercrime underground. The automated technology extracts indicators including IP addresses and domains, which are then made available through KELA's API for integration into SIEM, SOAR, or other security solutions.
