Q3 2024: Product Updates and Highlights

October 23, 2024

Read on for highlights from DarkOwl’s Product Team for Q3, including exciting new product features.

Website Mentions

The team is thrilled to announce that one of our most requested features from clients went live this quarter! Website Mentions is now a feature extraction in our dataset, which provides more inclusive searching and monitoring for domain results. This helps you surface more results when you search—such as results with subdomains as well as domains within URLs. 

Enhanced searching features are available in Vision UI and Search API, including:

  • New Search Tools and search options
  • Updated Filter values
  • Website field included on search results

Additionally, Score API and Ransomware API have been adjusted to use our new Website Mentions feature extraction for increased domain detection.

Password Detection and Classification Updates

We’ve improved our password detection, which now identifies more password formats within our data collection, as well as our password classification, which identifies whether a password is plaintext or hashed. Now, users can see more passwords associated with email addresses than ever. This feature is available in our Vision UI and Entity API.

Actor Explore and Actor API

Based on customer feedback, we’ve added Country Targeted and CVEs as filters on the main Actor Explore page. Recently updated actor dossiers include IntelBroker, USDoD, ShinyHunters, and yalishanda.

Actor API is now available as an add-on option for All-Data-and-Context subscriptions. This allows you to programmatically retrieve all information contained within our actor dossiers. The Actor Summary endpoint allows customers to see what actor dossiers are available in our database.

Explore Training Guides

This quarter, we launched in-app training guides for our Explore section. These complement and expand on our previous Basic Onboarding guides. We walk through all the features in the Actors, Entity, and Leaks sections, showing exactly what to click on. Explanations and tips arm you with all the details you need to get started with these sections.

Query Builder and Template Additions

The new Company query builder makes it easy for users to search for both their company name and company domain in one search. To access it, go to the Search Tools menu and select Query Builders. There, you can select Company and fill in the two fields.

Site Context for Forums

Site Context is information from the DarkOwl analyst team that gives additional enrichment about search results. This includes the Site Name and any aliases, and may include relevant dates or other information. Where available, options to pivot to Actor Explore or to search associated Telegram channels will be present. We initially rolled out this feature for Ransomware sites, and this quarter we’ve expanded it to Forums.

Highlights

This quarter was another one of growth in data collection. The team had an 18% growth in credit card numbers, an 11% increase in unique crypto wallets, a 14% growth in total collected Tor documents and another 14% growth in total collected records from Telegram – just to highlight a few.

When your search results are from data leaks, you can review additional information curated by DarkOwl analysts, giving you enrichment on the data leak. The descriptions below are all available in our Leak Context product feature.

LeakBase.io

Data purported to be from LeakBase was posted on Nulled, a hacking forum, on August 10, 2024. According to the post, this is a scrape of the site and contains data on 78,540 users. Data exposed includes user identification numbers (UID), usernames, number of messages, and reaction scores.

National Public Data

Data purported to be from National Public Data (NPD) was posted on BreachForums, a hacking forum, on August 6, 2024. According to the post by threat actor Fenice, the full NPD database was breached by SXUL. Data exposed includes full names, dates of birth, physical addresses, phone numbers, and Social Security Numbers.

CrowdStrike IoC list

Data purported to be from CrowdStrike was posted on BreachForums, a hacking forum, on July 28, 2024. According to the post, USDoD claims to have the entire IoC (Indicator of Compromise) list from CrowdStrike but only released the first 100,000 records. Data exposed includes indicators, types of malware, actors, reports, kill chains, published dates, latest updates, and labels.

trello.com

Data purported to be from Trello was posted on BreachForums, a hacking forum, on July 16, 2024. According to the post, Trello had an open API endpoint that allowed unauthenticated users to map an email address to a Trello account. Data exposed includes email addresses, names, profile data, user identification numbers (UID), and usernames.

Neiman Marcus

Data purported to be from Neiman Marcus was posted on BreachForums, a hacking forum, on June 27, 2024. According to the post, ShinyHunters breached the Neiman Marcus Group Inc. in May 2024, claiming that the leak contained data on more than 40 million customers, including 29.7 million unique email addresses. Data exposed includes customer account balances, credit cards, dates of birth, gift cards, IP addresses, full names, payment histories and methods, phone numbers, and physical addresses.


Curious how these features and data can make your job easier? Get in touch!

Copyright © 2024 DarkOwl, LLC All rights reserved.
DarkOwl is a Denver-based company that provides the world’s largest index of darknet content and the tools to efficiently find leaked or otherwise compromised sensitive data. We shorten the timeframe to detection of compromised data on the darknet, empowering organizations to swiftly detect security gaps and mitigate damage prior to misuse of their data.