Added

{ New } - Search Data Field

Added search_data Field to API (additional_fields)

We've added a new optional field in the additional_fields array of our API:
🔍 search_data

This field returns the search engine queries found in the browsing history of compromised machines, so you can see what the user was looking for before and after the infection.

  • Field name: "search_data"
  • Field type: string (enum value within the additional_fields array of the request)
  • Description: Adds the search terms recovered from the browser history of infected devices to each returned record, as a "search_data" array of objects with search_query, search_engine and timestamp.

What it does:

  • Retrieves and displays search queries made by users on compromised machines
  • Captures search engine activity across the browsers and search engines present in the stolen history
  • Useful for behavioral analysis, threat hunting, and spotting search patterns that suggest malicious intent or that the user noticed the compromise
  • Timestamps come from the exfiltrated browser history, not from live telemetry, so they can predate date_compromised (see the example below); compare them against the compromise date rather than assuming they are post-infection

Request Body Example:

curl --request POST \
     --url https://api.hudsonrock.com/json/v3/search-by-domain \
     --header 'accept: application/json' \
     --header 'api-key: <API_KEY>' \
     --header 'content-type: application/json' \
     --data '
{
  "domains": [
    "tesla.com",
    "teslamotors.com"
  ],
  "types": ["employees"],
  "keywords": ["sso"],
  "keywords_match": "any",
  "filter_credentials": true,
  "additional_fields": ["search_data"]
}'

Response Example:

{
    "_id": "67a08ccd465561f4625e840f",
    "stealer": "...",
    "stealer_family": "Lumma",
    "date_uploaded": "2025-02-03T09:30:52.468Z",
    "employeeAt": [
        {
            "..."
        }
    ],
    "clientAt": [
        {
            "..."
        }
    ],
    "date_compromised": "2025-01-25T12:03:26.000Z",
    "ip": "...",
    "computer_name": "...",
    "operating_system": "...",
    "malware_path": "...",
    "credentials": [
        {
            "url": "https://sso.tesla.com/adfs/ls",
            "domain": "tesla.com",
            "username": "••••••••••@tesla.com",
            "password": "••••••••••",
            "type": "employee"
        }
    ],
    "search_data": [
        {
            "search_query": "how to remove malware from computer",
            "search_engine": "google.com",
            "timestamp": "2025-01-24T15:30:22.000Z"
        },
        {
            "search_query": "corporate vpn access remote work",
            "search_engine": "bing.com",
            "timestamp": "2025-01-24T09:15:10.000Z"
        },
        {
            "search_query": "password manager security best practices",
            "search_engine": "duckduckgo.com",
            "timestamp": "2025-01-23T14:45:33.000Z"
        }
    ]
}

Use Cases:

  • Threat Hunting: Identify users searching for malware removal, suspicious software, or hacking techniques
  • Behavioral Analysis: Understand user intent and activities leading up to or following a compromise
  • Security Awareness: Detect employees searching for breach- or malware-related topics, which may indicate they noticed the infection before it was reported
  • Incident Response: Correlate search activity with the compromise timeline (date_compromised, date_uploaded) for forensic analysis
  • Risk Assessment: Identify high-risk search patterns that may indicate insider threats or targeted attacks
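The request above and the use cases in this list, worked through as an added example (not Hudson Rock's own code). It builds the documented request body, optionally POSTs it with the api-key header, and then triages each search_data entry: every query is tagged with a category and its offset in hours from date_compromised, so "before" and "after" searches can be separated. The category keyword lists, the function names and SAMPLE_RECORD are assumptions of this example; the record is constructed to mirror the response shape on this page with two extra entries (a benign query and one dated after the compromise) for contrast.

```python
"""Triage the optional search_data array returned by search-by-domain.

Added example, not Hudson Rock's own code. Request body shape and field
names follow this page; CATEGORIES, helper names and SAMPLE_RECORD are the
example's own assumptions / constructed test data.
"""
import json
import re
import urllib.request
from datetime import datetime, timezone

API_URL = "https://api.hudsonrock.com/json/v3/search-by-domain"

# Assumed triage vocabulary (not part of the API). Whole-word, case-insensitive
# matching so that e.g. "sso" does not fire on "lesson".
CATEGORIES = {
    "compromise_awareness": ("malware", "virus", "trojan", "stealer", "infostealer",
                             "antivirus", "hacked"),
    "remote_access": ("vpn", "remote desktop", "rdp", "remote work", "sso"),
    "credential_hygiene": ("password manager", "password reset", "reset password",
                           "2fa", "mfa"),
}
PATTERNS = {name: re.compile(r"\b(?:" + "|".join(map(re.escape, words)) + r")\b", re.I)
            for name, words in CATEGORIES.items()}


def build_request_body(domains, keywords=("sso",), additional_fields=("search_data",)):
    """Body in the shape documented on the page; additional_fields holds enum strings."""
    return {
        "domains": list(domains),
        "types": ["employees"],
        "keywords": list(keywords),
        "keywords_match": "any",
        "filter_credentials": True,
        "additional_fields": list(additional_fields),
    }


def fetch_records(api_key, body):
    """POST the body with the api-key header (network call; not used offline)."""
    req = urllib.request.Request(
        API_URL,
        data=json.dumps(body).encode(),
        headers={"accept": "application/json", "content-type": "application/json",
                 "api-key": api_key},
        method="POST",
    )
    with urllib.request.urlopen(req, timeout=30) as resp:
        return json.load(resp)


def parse_ts(value):
    """Parse the API's ISO-8601 'Z' timestamps; None for missing or malformed values."""
    if not value:
        return None
    try:
        return datetime.fromisoformat(value.replace("Z", "+00:00")).astimezone(timezone.utc)
    except ValueError:
        return None


def categorize(query):
    """Sorted list of categories whose keywords occur in the query."""
    return sorted(name for name, pat in PATTERNS.items() if pat.search(query))


def triage_search_data(record):
    """Tag each search_data entry with categories and its offset from date_compromised.

    search_data is optional: a record without it yields [] rather than an error.
    offset_hours is None when either timestamp cannot be parsed.
    """
    compromised = parse_ts(record.get("date_compromised"))
    out = []
    for entry in record.get("search_data") or []:
        ts = parse_ts(entry.get("timestamp"))
        offset = None
        if ts and compromised:
            offset = round((ts - compromised).total_seconds() / 3600, 1)
        query = entry.get("search_query", "")
        out.append({
            "search_query": query,
            "search_engine": entry.get("search_engine", ""),
            "categories": categorize(query),
            "offset_hours": offset,
            "phase": None if offset is None else ("before" if offset < 0 else "after"),
        })
    return out


def flagged(record):
    """Only the entries that hit at least one category, earliest first."""
    hits = [e for e in triage_search_data(record) if e["categories"]]
    return sorted(hits, key=lambda e: (e["offset_hours"] is None, e["offset_hours"] or 0))


# Constructed record mirroring this page's response example (fields not needed
# for triage omitted), plus a benign query and one dated after the compromise.
SAMPLE_RECORD = {
    "_id": "constructed-example",
    "stealer_family": "Lumma",
    "date_compromised": "2025-01-25T12:03:26.000Z",
    "search_data": [
        {"search_query": "how to remove malware from computer", "search_engine": "google.com",
         "timestamp": "2025-01-24T15:30:22.000Z"},
        {"search_query": "corporate vpn access remote work", "search_engine": "bing.com",
         "timestamp": "2025-01-24T09:15:10.000Z"},
        {"search_query": "password manager security best practices",
         "search_engine": "duckduckgo.com", "timestamp": "2025-01-23T14:45:33.000Z"},
        {"search_query": "best pizza near me", "search_engine": "google.com",
         "timestamp": "2025-01-25T08:00:00.000Z"},
        {"search_query": "reset password after account hacked", "search_engine": "google.com",
         "timestamp": "2025-01-27T12:03:26.000Z"},
    ],
}

if __name__ == "__main__":
    print(json.dumps(build_request_body(["tesla.com", "teslamotors.com"]), indent=2))
    for hit in flagged(SAMPLE_RECORD):
        print(f'{hit["offset_hours"]:+7.1f}h {hit["phase"]:6} '
              f'{",".join(hit["categories"]):42} {hit["search_query"]}')
```

To run it against live data, pass the body to fetch_records with your key and feed each returned record to flagged. The keyword lists are deliberately small; extend them from what your own investigations turn up, and treat a cluster of compromise_awareness hits after date_compromised as a prompt to check whether the user ever reported the incident.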