Identity Portal

Use the Identity Portal to list results by line and Export Leaked Accounts
Tags:

The Identity Portal offers 3 powerful features:

  1. Display search results by line and highlight the search term
  2. Export Leaked Accounts
  3. Reverse Lookup for Stealer Logs

Search Results by Line

This function searches for and lists all lines where a search term appears, and like intelx.io, it searches across all data categories. Each line contains first the ID of the search result, which can be opened by clicking on it. The next columns show the file type and the data category, followed by the line where the search term appears.

This allows analysts to go over hundreds of results and quickly identify duplicates and relevant and irrelevant findings. The screenshots below show the lookup for Dmitry Badin, a supposed GRU member who allegedly hacked the German Bundestag.

Search results for Dmitry Badin in Identity Portal

You can filter results per bucket and date:

Filters in Identity Portal

Export Leaked Accounts

The second tab, “Export Leaked Accounts”, allows users to search for a domain or email and lists all potentially leaked accounts found for a target. It analyzes the password type, including the detection of various hashes, and provides information about the source.

It provides a download link to a CSV file listing all the results with these fields: User, Password, Password Type, Bucket, Date, Source Short, Source Long, Search Result ID

There is a lot of engineering behind both functions since it reads all search results data in real-time, converts them to text, and analyzes the result to determine whether it is a leaked account. Given that Intelligence X searches more than 200 billion records, this can result in Gigabytes of data being processed for a single request.

Filters in Identity Portal

Reverse Lookup for Stealer Logs

Our latest feature in the Identity Portal is a powerful reverse lookup for stealer logs. It allows you to search for a domain or URL and get all leaked accounts for a particular service. Previously, a manual search for the domain or URL and click through potentially hundreds or thousands of results would be needed. This feature exclusively searches the Stealer Logs data and is currently in beta mode.

The feature generates a CSV file with these fields: URL, User, Password, Bucket, Date, Source Short, Source Long, Search Result ID

Filters in Identity Portal