Dark Web/Underground
Dark Web
Red Sky Alliance currently monitors dozens of underground and dark websites where criminal activity takes place and is discussed. Using dark web data, analysts can learn what threat actors are talking about and where the discussion is taking place. Threat actors often advertise access to victim networks or leak sensitive information stolen during attacks. Red Sky Alliance dark web data contains hundreds of thousands of indicators from dark web forums, marketplaces, and ransomware leak sites.
Dark Web Forum
Threat actors often discuss or brag about their attacks. They also share tactics, techniques, and procedures. Analysts can search through dark web forums to see what threat actors are saying about them, their company, or their industry.
Field | Description |
etl_date | date data was exported, transformed or loaded (ETL) |
first_seen | when data was first observed |
last_seen | when data was last observed |
post_author | name of user posting forum content |
post_category | category assigned by forum or post author |
post_content | content of the forum post |
post_reply_author | name of user replying to original post content |
post_reply_content | content of reply post |
post_reply_timestamp | timestamp of reply post |
post_timestamp | timestamp of original post |
post_title | title of the forum post |
raw_file | .csv file containing raw data |
reference | link to dark website (.onion) where indicator was identified |
site_name | full name of forum |
site_type | dark website category (forum) |
site_url | link to url (.onion) where indicator was identified |
Dark Web Marketplace
Attackers aren't just stealing data; they are selling it. Some are even selling the access they obtained illegally for just a few bucks. Companies can monitor what threat actors are selling and watch for attackers claiming to have access to, or stolen data from, their company.
Field | Description |
etl_date | date data was exported, transformed or loaded (ETL) |
first_seen | when data was first observed |
item_category | category assigned by marketplace or vendor |
item_description | description of item being sold |
item_price | price of item being sold (as listed) |
item_title | name of the item being sold |
item_vendor | vendor selling the item |
last_seen | when data was last observed |
post_timestamp | timestamp when the item was posted |
raw_file | .csv file containing raw data |
reference | link to dark website (.onion) where indicator was identified |
site_name | full name of marketplace |
site_type | dark website category (marketplace) |
site_url | link to url (.onion) where indicator was identified |
Dark Web Ransomware
Ransomware actors have evolved from simply holding a network hostage. Ransomware groups are now working together in an effort to earn higher profits. Red Sky Alliance dark web ransomware data allows analysts to see who has been breached, who is selling access to which networks, and which data ransomware groups are publishing simply as punishment for non-payment. Companies can also monitor when their supply chain is compromised, which may lead to future cyber attacks.
Field | Description |
etl_date | date data was exported, transformed or loaded (ETL) |
first_seen | when data was first observed |
last_seen | when data was last observed |
raw_file | .csv file containing raw data |
reference | link to dark website (.onion) where indicator was identified |
site_name | name of ransomware group |
site_type | dark website category (ransomware) |
site_url | link to url (.onion) where indicator was identified |
victim_address | address of ransomware victim |
victim_description | description of leaked information |
victim_domain | domain (website) of ransomware victim |
victim_email | email address listed as contact for victim company |
victim_files | name of files leaked |
victim_name | name of ransomware victim |
victim_phone | phone number listed as contact for victim company |
victim_published_data_size | volume of data being leaked |
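The supply-chain monitoring described above can be sketched as a watchlist match over ransomware records. This is an added example, not Red Sky Alliance code: it assumes the records arrive as CSV with the field names from the table, and the sample rows, date format, `WATCHLIST` and function names are constructed for illustration.

```python
import csv
import io

# Constructed sample rows; field names come from the ransomware table above.
# Column order, date format and every value are assumptions for illustration.
SAMPLE_CSV = """site_name,site_type,victim_name,victim_domain,first_seen
ExampleGroupA,ransomware,Acme Logistics,https://www.acme-logistics.example/,2024-01-03
ExampleGroupB,ransomware,Northwind Payroll,portal.northwind-payroll.example,2024-01-05
ExampleGroupA,ransomware,Unrelated Corp,notacme-logistics.example,2024-01-06
"""

# Hypothetical watchlist: domain -> relationship to the monitoring company.
WATCHLIST = {"acme-logistics.example": "own",
             "northwind-payroll.example": "supplier"}


def normalize_domain(value):
    """Reduce a victim_domain value (bare host or URL) to a lowercase hostname."""
    host = value.strip().lower().split("://", 1)[-1]  # drop scheme
    host = host.split("/", 1)[0].split(":", 1)[0]     # drop path and port
    return host.rstrip(".")


def match_watchlist(host, watchlist):
    """Return the watched domain that host equals or is a subdomain of."""
    for domain in watchlist:
        # The leading dot stops "notacme-logistics.example" from matching.
        if host == domain or host.endswith("." + domain):
            return domain
    return None


def find_hits(csv_text, watchlist):
    """Return one alert per ransomware record whose victim_domain is watched."""
    hits = []
    for row in csv.DictReader(io.StringIO(csv_text)):
        if row.get("site_type") != "ransomware":
            continue
        matched = match_watchlist(normalize_domain(row.get("victim_domain") or ""), watchlist)
        if matched:
            hits.append({"watched_domain": matched,
                         "relationship": watchlist[matched],
                         "group": row["site_name"],
                         "first_seen": row["first_seen"]})
    return hits
```

Calling `find_hits(SAMPLE_CSV, WATCHLIST)` returns two alerts, one for the company's own domain and one for a supplier; the look-alike domain in the third row is not matched.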