Threat Profiler

Generate AI-powered cyber threat intelligence reports in minutes. Get threat actor profiles with MITRE ATT&CK mappings, attack surface analysis, and security recommendations. Perfect for security assessments, M&A due diligence, and vendor risk management, and also for getting to know a prospect in cybersecurity sales.

AI-powered cyber threat intelligence reports with MITRE ATT&CK mappings. Get actionable security insights for any organization in minutes.

By PEACH STUDIO

Threat-Informed Defense

Threat Profiler implements a threat-informed defense approach - understanding who might attack you, why, and how, so you can prioritize defenses that matter.

Instead of generic security checklists, you get:

  • Contextualized intelligence - Threat actors relevant to your sector and geography
  • Attack surface visibility - What attackers see when they look at your organization
  • Prioritized defenses - Recommendations based on actual threat actor TTPs
  • Detection guidance - What to monitor based on likely attack patterns

What You Get

  • Threat Actor Profiling - Identify who's targeting your industry with campaigns, motivations, and TTPs
  • Attack Surface Discovery - Subdomains, cloud providers, exposed services, M365 detection
  • MITRE ATT&CK Mapping - Every threat linked to tactics, techniques, and procedures
  • Risk-Prioritized Recommendations - Know what to fix first based on threat likelihood
  • Professional PDF Reports - Board-ready deliverables

Use Cases

1. Security Assessments for Clients

For: MSSPs, consultants, security teams

Generate comprehensive threat profiles for client onboarding or periodic reviews. Input company name and domain, get a full threat intelligence report with recommendations.

{
  "companyName": "Acme Manufacturing",
  "domain": "acme-mfg.com",
  "sector": "Manufacturing"
}

2. M&A Due Diligence

For: Private equity, corporate development, risk teams

Quickly assess the cyber risk posture of acquisition targets. Understand their attack surface and which threat actors are relevant before the deal closes.

{
  "companyName": "Target Corp",
  "domain": "targetcorp.io",
  "qualityTier": "premium"
}

3. Third-Party Risk Management

For: Vendor risk, procurement, supply chain security

Evaluate suppliers and partners for cyber risk. Identify if they're in a high-risk sector or have exposed infrastructure.

{
  "companyName": "Critical Supplier Ltd",
  "domain": "supplier.com",
  "country": "DE"
}

4. Threat Intelligence for SOC Teams

For: Security operations, threat hunters

Get MITRE-mapped threat actor profiles relevant to your organization. Use the detection priorities and hunting queries in your SIEM.

{
  "companyName": "Your Company",
  "domain": "yourcompany.com",
  "threatActorCount": 10
}

Pricing

Standard - $2.00

  • AI Engine: Gemini 2.5 Flash
  • 5 threat actors profiled with MITRE TTPs
  • Full attack surface analysis
  • Markdown + JSON + PDF output

Premium - $26.00

  • AI Engine: Gemini 2.5 Pro (reasoning model)
  • Executive-grade analysis with deeper insights
  • Enhanced threat actor profiling (up to 10)
  • Board-ready PDF formatting
  • Extended recommendations with business context

BYOK - $0.50

  • Bring your own API keys (75% savings)
  • Same quality as Standard tier
  • Best for high-volume usage

Add-ons

  • Extra threat actors: +$0.20 each
  • OT/ICS assessment: +$1.00

Quick Start

Minimum input:

{
  "companyName": "Company Name"
}

Sector is auto-detected. Domain enables attack surface analysis. That's it.

Full input:

{
  "companyName": "Global Tech Inc",
  "domain": "globaltech.com",
  "sector": "Technology",
  "country": "US",
  "qualityTier": "standard",
  "threatActorCount": 5,
  "includeOT": false
}

Output

You receive:

  • JSON dataset with structured threat intelligence (see below)
  • Markdown report (~25 pages) with full analysis
  • PDF report with professional formatting

Structured Output (NEW)

For programmatic consumption, the Actor now outputs structured JSON data alongside the markdown report:

{
  "companyName": "ASML",
  "domain": "asml.com",
  "sector": "Manufacturing",
  "report": "...full markdown report...",
  "pdfUrl": "https://...",
  // NEW: Structured threat intelligence
  "riskLevel": "HIGH",
  "threatActors": [
    {
      "name": "APT41",
      "attribution": "China",
      "sophistication": "Nation-State",
      "mitre_techniques": [
        {
          "tactic": "Initial Access",
          "techniques": [
            {"id": "T1566.001", "name": "Spearphishing Attachment"}
          ]
        }
      ],
      "relevance": "HIGH",
      "target_sectors": ["Manufacturing", "Technology"]
    }
  ],
  "incidents": [
    {
      "date": "2023-05",
      "threat_actor": "APT41",
      "impact": "IP theft",
      "description": "Confirmed breach targeting semiconductor IP",
      "source_url": "https://..."
    }
  ],
  "attackSurface": {
    "total_subdomains": 1247,
    "resolved_subdomains": 892,
    "cloud_providers": [
      {"provider": "Azure", "ip_ranges": ["..."]},
      {"provider": "AWS", "ip_ranges": ["..."]}
    ],
    "exposed_services": [
      {
        "hostname": "vpn.example.com",
        "port": 443,
        "service": "VPN",
        "risk_level": "HIGH"
      }
    ]
  }
}

Use Cases for Structured Output:

  • Client Profiler Integration: Feed threat data into sales intelligence tools
  • Automated Workflows: Trigger responses based on risk_level
  • Custom Dashboards: Build visualizations from structured data
  • API Integration: Consume threat intelligence programmatically
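A sketch of the "automated workflow" case, added here as an example and not part of the Actor's own code: it reduces one dataset item, in the field layout shown above, to the ATT&CK technique IDs and exposed services a team would check detection coverage for first. The names `triage` and `at_least` are hypothetical, and the level names other than "HIGH" and their ordering are assumptions, since the page only shows "HIGH".

```python
import re

# Assumption: the page only shows "HIGH"; other level names and their order are guesses.
LEVELS = {"LOW": 1, "MEDIUM": 2, "HIGH": 3, "CRITICAL": 4}
TECHNIQUE_ID = re.compile(r"^T\d{4}(\.\d{3})?$")  # ATT&CK ID shape, e.g. T1566.001

def at_least(value, threshold):
    """True if value meets threshold; unknown or missing levels are kept for review."""
    rank = LEVELS.get(str(value).upper())
    return rank is None or rank >= LEVELS[threshold]

def triage(item, threshold="HIGH"):
    """Reduce one dataset item to the technique IDs and exposed services to act on."""
    techniques = {}  # technique id -> name, tactic, actors that use it
    for actor in item.get("threatActors") or []:
        if not at_least(actor.get("relevance"), threshold):
            continue
        for group in actor.get("mitre_techniques") or []:
            for tech in group.get("techniques") or []:
                tid = str(tech.get("id", "")).strip()
                if not TECHNIQUE_ID.match(tid):
                    continue  # output is model-generated: drop malformed IDs
                entry = techniques.setdefault(tid, {
                    "name": tech.get("name"), "tactic": group.get("tactic"), "actors": []})
                entry["actors"].append(actor.get("name"))
    surface = item.get("attackSurface") or {}
    services = [s for s in surface.get("exposed_services") or []
                if at_least(s.get("risk_level"), threshold)]
    return {"riskLevel": item.get("riskLevel"), "techniques": techniques, "services": services}

# Constructed sample, trimmed to the fields used above (not real Actor output).
SAMPLE = {
    "riskLevel": "HIGH",
    "threatActors": [
        {"name": "APT41", "relevance": "HIGH", "mitre_techniques": [
            {"tactic": "Initial Access", "techniques": [
                {"id": "T1566.001", "name": "Spearphishing Attachment"},
                {"id": "T15", "name": "malformed id"}]}]},
        {"name": "Constructed Actor B", "relevance": "LOW", "mitre_techniques": [
            {"tactic": "Initial Access", "techniques": [{"id": "T1190"}]}]},
    ],
    "attackSurface": {"exposed_services": [
        {"hostname": "vpn.example.com", "port": 443, "service": "VPN", "risk_level": "HIGH"},
        {"hostname": "www.example.com", "port": 443, "service": "HTTPS", "risk_level": "LOW"},
        {"hostname": "mail.example.com", "port": 25, "service": "SMTP"}]},
}

if __name__ == "__main__":
    print(triage(SAMPLE))
```

A service with no `risk_level` is deliberately kept in the result, so a gap in the report surfaces for manual review instead of being silently treated as low risk.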

Sample Report Structure

  1. Executive Summary (risk level, key findings)
  2. Attack Surface Analysis (subdomains, cloud, exposed services)
  3. Threat Actor Profiles (with MITRE techniques)
  4. Prioritized Threat Vectors
  5. Business Impact Scenarios
  6. Recommendations (by timeline: 7 days, 30 days, 90 days)
  7. Detection Priorities (SOC use cases)
  8. MITRE ATT&CK Heatmap

Data Sources

  • CTI Dataset: 51 threat actors, 26 campaigns, MITRE-enriched
  • Attack Surface: crt.sh, HackerTarget, ipinfo.io, Microsoft Federation
  • Optional: FOFA (internet assets), Tidal Cyber (enhanced CTI)

BYOK Mode (Bring Your Own Key)

Reduce costs by 75% by providing your own API keys. This is ideal for security teams running multiple assessments.

Required for BYOK Pricing

Key | Get it from | Purpose
Google AI API Key | Google AI Studio | Powers the AI analysis engine

Optional Enhancements

Key | Get it from | Purpose
Tidal Cyber API Token | Tidal Cyber | Enhanced threat actor intelligence, campaign data, and TTP mappings from the Tidal knowledge base
FOFA API Key | FOFA | Extended internet asset reconnaissance and exposure discovery

Note: Without optional keys, Threat Profiler uses its built-in CTI dataset (51 actors, 26 campaigns) enriched with MITRE ATT&CK data.


Questions? support@peachstudio.be

Built for the Apify $1M Challenge