Dark Web
Red Sky Alliance currently monitors dozens of underground and dark websites where criminal activity takes place and is discussed. Using dark web data, analysts can learn what threat actors are talking about and where the discussion is taking place. Threat actors often advertise access to victim networks or leak sensitive information stolen during attacks. Red Sky Alliance dark web data contains hundreds of thousands of indicators from dark web forums, marketplaces, and ransomware leak sites.
Dark Web Forum
Threat actors often discuss or brag about their attacks. They also share tactics, techniques, and procedures. Analysts can search through dark web forums to see what threat actors are saying about them, their company, or their industry.
| Field | Description |
| --- | --- |
| etl_date | date data was exported, transformed or loaded (ETL) |
| first_seen | when data was first observed |
| last_seen | when data was last observed |
| post_author | name of user posting forum content |
| post_category | category assigned by forum or post author |
| post_content | content of the forum post |
| post_reply_author | name of user replying to original post content |
| post_reply_content | content of reply post |
| post_reply_timestamp | timestamp of reply post |
| post_timestamp | timestamp of original post |
| post_title | title of the forum post |
| raw_file | .csv file containing raw data |
| reference | link to dark website (.onion) where indicator was identified |
| site_name | full name of forum |
| site_type | dark website category (forum) |
| site_url | link to URL (.onion) where indicator was identified |
Dark Web Marketplace
Attackers aren't just stealing data, they are selling it. Some are even selling the access they obtained illegally for just a few bucks. Companies can monitor what threat actors are selling and watch for attackers claiming to have access to, or to have stolen data from, their company.
| Field | Description |
| --- | --- |
| etl_date | date data was exported, transformed or loaded (ETL) |
| first_seen | when data was first observed |
| item_category | category assigned by marketplace or vendor |
| item_description | description of item being sold |
| item_price | price of item being sold (as listed) |
| item_title | name of the item being sold |
| item_vendor | vendor selling the item |
| last_seen | when data was last observed |
| post_timestamp | timestamp when the item was posted |
| raw_file | .csv file containing raw data |
| reference | link to dark website (.onion) where indicator was identified |
| site_name | full name of marketplace |
| site_type | dark website category (marketplace) |
| site_url | link to URL (.onion) where indicator was identified |
Dark Web Ransomware
Ransomware actors have evolved from simply holding a network hostage. Ransomware groups are now working together in an effort to earn higher profits. Red Sky Alliance dark web ransomware data allows analysts to see who has been breached, who is selling access to which networks, and which data ransomware groups are publishing simply as punishment for non-payment. Companies can also monitor when their supply chain is compromised, which may lead to future cyber attacks.
| Field | Description |
| --- | --- |
| etl_date | date data was exported, transformed or loaded (ETL) |
| first_seen | when data was first observed |
| last_seen | when data was last observed |
| raw_file | .csv file containing raw data |
| reference | link to dark website (.onion) where indicator was identified |
| site_name | name of ransomware group |
| site_type | dark website category (ransomware) |
| site_url | link to URL (.onion) where indicator was identified |
| victim_address | address of ransomware victim |
| victim_description | description of leaked information |
| victim_domain | domain (website) of ransomware victim |
| victim_email | email address listed as contact for victim company |
| victim_files | name of files leaked |
| victim_name | name of ransomware victim |
| victim_phone | phone number listed as contact for victim company |
| victim_published_data_size | volume of data being leaked |
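One way to use the ransomware fields for the supply-chain monitoring described above, as an added example that is not Red Sky Alliance code: it checks victim_domain against a watchlist of your own and your suppliers' domains and collapses repeat sightings per group. It assumes the .csv export has a header row named after the fields above and ISO 8601 dates; the watchlist, the function names and all sample values are constructed for illustration.

```python
import csv
import io

# Constructed sample export: column names follow the field table, values are invented.
SAMPLE_CSV = """site_name,site_type,victim_name,victim_domain,first_seen,last_seen,victim_published_data_size
ExampleGroup,ransomware,Example Logistics,HTTPS://www.Example-Logistics.test/,2024-01-03,2024-01-09,12 GB
ExampleGroup,ransomware,Example Logistics,example-logistics.test,2024-01-01,2024-01-05,12 GB
OtherGroup,ransomware,Unrelated Corp,notexample-logistics.test,2024-01-04,2024-01-04,3 GB
OtherGroup,ransomware,Example Payroll,portal.example-payroll.test,2024-01-06,2024-01-06,
"""

# Hypothetical watchlist: domain -> relationship to your organisation.
WATCHLIST = {"example-logistics.test": "supplier", "example-payroll.test": "supplier"}

def normalize_domain(value):
    """Reduce a victim_domain value (URL or bare host) to a lowercase hostname."""
    host = value.strip().lower().split("://", 1)[-1]
    host = host.split("/", 1)[0].split("@")[-1].split(":")[0].rstrip(".")
    return host[4:] if host.startswith("www.") else host

def watch_match(host, watchlist):
    """Return the watched domain equal to host or a parent of it, else None."""
    labels = host.split(".")
    for i in range(len(labels) - 1):
        candidate = ".".join(labels[i:])  # compare on label boundaries, not substrings
        if candidate in watchlist:
            return candidate
    return None

def find_hits(csv_text, watchlist):
    """One hit per (site_name, watched domain), with the widest sighting window."""
    hits = {}
    for row in csv.DictReader(io.StringIO(csv_text)):
        matched = watch_match(normalize_domain(row.get("victim_domain") or ""), watchlist)
        if matched is None:
            continue
        hit = hits.setdefault((row["site_name"], matched), {
            "site_name": row["site_name"], "domain": matched,
            "relation": watchlist[matched], "victim_name": row["victim_name"],
            "first_seen": row["first_seen"], "last_seen": row["last_seen"],
        })
        # Assumption: ISO 8601 date strings, so string comparison orders them correctly.
        hit["first_seen"] = min(hit["first_seen"], row["first_seen"])
        hit["last_seen"] = max(hit["last_seen"], row["last_seen"])
    return sorted(hits.values(), key=lambda h: (h["first_seen"], h["domain"]))

if __name__ == "__main__":
    for hit in find_hits(SAMPLE_CSV, WATCHLIST):
        print(hit)
```

Matching on whole DNS labels keeps a look-alike such as notexample-logistics.test from raising an alert for example-logistics.test, while subdomains of a watched domain still match.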