July 18, 2024
Read on for highlights from DarkOwl’s Product Team for Q2, including new exciting product features.
Major Vision UI Updates
User Activity + User Profile
The team launched a new User Settings section, which includes user profile management and an Activity page. The Activity page will display information about a user’s individual work in Vision UI, which for now includes Searches, Saved Searches, and Search Blocks.
Figure 1: Example of User Activity Screen
Lexicon 2.0
The DarkOwl Lexicon continues to grow and this quarter, it more than doubled the number entries. In addition to Forums, Markets, and Ransomware Sites, we added two new sections: Chans and Paste Sites. DarkOwl Vision’s Lexicon is an easy-to-use tool intended to help you find interesting content from hacking forums, marketplaces, and other darknet sites. You can make suggestions for sites you’d like us to add here.
Actor Explore Enrichments
- The team added several new actors into the Actor Explore dataset, taking the number of actors in our dataset to 315. Some of the new actor profiles include USDoD, Dmitry Yuryevich KHOROSHEV, and IntelBroker. Entries such as ShinyHunters and Scattered Spider have been updated based on these actors’ recent activity.
- We enabled search by CVE or Industry on the main landing page and made it easy to copy contact or entity information from an actor dossier. Enabling search by CVE or industry makes it easier to find and compare actors of interest.
Figure 2: Selecting an item from the Industries screen
More Product Updates
- We launched the first set of our in-app Onboarding Guides in our Vision UI assistant! These self-paced tours are great for new users of the platform, or for those who need a refresher and review of new features.
- Analyst-friendly Search Result features: We’ve added additional pivoting from search result metadata, as well as a “copy defanged URL” option to quickly add sanitized URLs to reports.
- Our Feed system has been updated to make all of our latest forum features, such as threads, post dates, and post authors, as well as other newer fields available as options in our feeds.
- Our Feed system has been updated to make all of the forum features – and other newer fields – available in our feeds.
Collection Stats
Highlights
This quarter was another one of growth in data collection. The team had 32% growth quarter over quarter in ZeroNet documents, 17% growth in records from Telegram and nearly 300 Telegram channels, and 5% growth in paste documents, just to highlight a few.
Leaks of Interest Collected
When your search results are from data leaks, users can review additional information curated by DarkOwl analysts, giving you enrichment on the data leak. The descriptions below are all available in our Leak Context product feature.
Shell
Data purported to be from Shell was posted on BreachForums, a hacking forum, on May 28, 2024. According to the post, this breach affected the following countries: Australia, Canada, France, India, Malaysia, Netherlands, Philippines, Singapore and United Kingdom. Data exposed includes customer shopper code, full names, mobile numbers, email addresses, physical addresses and payment site details. Analyst Note: According to the original post, the leak contains 80 thousand rows of data and occurred in May 2024.
The Post Millennial
Data purported to be from The Post Millennial was posted on Internet Archive, a digital library, on May 3, 2024. According to the post, the leak contains copies of the users.json and editors.json files from thepostmillennial.com. The page title is indicative of the files originally being released by “Angelina Ngo.” Data exposed includes names, usernames, passwords, email addresses, password hints, phone numbers, genders, and physical addresses. Analyst Note: Research in DarkOwl Vision indicates the leak was reposted on BreachForums. According to that post, the website was hacked by an individual claiming to be “Angelina (Andy) Ngo” and the leak includes a mailing list containing over 39 thousand rows of user data. A copy of the defacement message is included, which indicates the motive of the attack against the conservative publication is in support of the LGBTQ community.
Okta
Data purported to be from Okta was posted on BreachForums, a hacking forum, on March 9, 2024. According to the post, the breach occurred in September 2023, and exposed data on 3.8 thousand customer support users. Data exposed includes user ID numbers, usernames, full names, company names, physical addresses, phone numbers, mobile numbers, email addresses. Analyst Note: According to the original post, the threat actor Ddarknotevil shared the breach on behalf of IntelBroker (Cyber Niggers). Analyst Note 2: A high level review of the data indicates that account details such as account status, last login, notes, and role groups were also leaked.
Curious how these features can make your job easier? Get in touch!
The post Q2 2024: Product Updates and Highlights appeared first on DarkOwl, LLC.