Threat Intelligence · Refracted

One threat.
Every angle.

Enter any IOC, actor, or sector. Fancy Intel traces it to every linked indicator, article, and campaign — then builds your report.

INVESTIGATION #0047 · ACTIVE
185.220.101.47 → APT28 → T1566
CVE-2026-21509 → MS Exchange → 3 articles
domain: update-cdn[.]net → Cobalt Strike → C2
NEW
REVIEWING
INCLUDED

§ 01 · Scope

Start with what you know

Set a fluid investigation scope — a sector, a technology, a known actor, or a raw IOC. Fancy Intel builds the picture from there.

SECTORTECHNOLOGYACTORIOC / INDICATOR

Investigation Scope

APT28, energy sector, 185.220.101.47…
× energy× critical infrastructure× APT28
NEW
APT28 spearphishing surge
NCSC · [A]
energy, phishing
Volt Typhoon critical infra
FBI · [A]
critical-infra
REVIEWING
Lazarus financial targeting
CISA · [A]
finance, SWIFT
MITRE ATT&CK v15 update
MITRE · [B]
techniques
INCLUDED
Iran IOC cluster — telecom
Mandiant · [A]
telecom, IOCs
KEV advisory — Fortinet, MS
CISA · [A]
CVE-2026-21509
C2 infra: Cobalt Strike TLS
Recorded · [B]
C2, TLS-443

§ 02 · Triage

Live feed, triaged in your workflow

Matching articles surface automatically as they're ingested. Drag them through your kanban — New, Reviewing, Included, Archived — building the evidence base for your report.

§ 03 · Report

From triage to intelligence brief

Select which sections to include — Sector Exposure, Actor Profiles, IOC Inventory, TTP Analysis. Export to a formatted Word document or PDF, ready to send.

Threat AssessmentTLP:GREEN
JUNE 2026 · CONFIDENTIAL · REV 1
§01
Executive Summary
§02
Sector Exposure
§03
Actor Profiles
§04
IOC Inventory
§05
TTP Analysis

START NOW

Intelligence that moves at threat speed

Stop assembling reports by hand. Let Fancy Intel trace every connection and deliver a finished brief — ready to share.

Start your investigation