SOCRadar® Cyber Intelligence Inc. | The Week in Dark Web – 21 November 2022 – Access & Malicious Service Sales and Data Leaks


Nov 21, 2022
3 Mins Read

The Week in Dark Web – 21 November 2022 – Access & Malicious Service Sales and Data Leaks

Powered by DarkMirror™

There are not always access or database sales on the dark web, although we mainly cover them in our weekly articles. Threat actors also run malware-as-a-service or ransomware-as-a-service operations on the dark web.

Among the notable announcements of this week, in addition to leaks and access sales, there are also remote access trojan and DDoS service sales.

Find out if your data has been exposed on the deep web.

Receive a Free Deep Web Report for Your Organization

Source Codes of the Dominican Government Portal are Leaked 

On 17 November, SOCRadar found a new post on a forum. The post allegedly shares the complete source code of the governmental service portal of the Dominican Republic. The post’s creator also explains that the leak includes Git files, SMTP Passwords, Admin passwords, and API source code. 

A New RAT is Leaked for Free on the Dark Web 

On 8 November, a new post about a database leak was detected by SOCRadar Dark Web Analysts. The vendor shares a download link for a RAT (Remote Access Tool) in the post, claiming that it can fully operate in cross-platforms. Then the vendor shares the table above to show the capabilities of the shared RAT tool. 

DDoS Service is for Sale 

SOCRadar Dark Web Team has found a DDoS Service Sale on a Telegram Channel. Different packages are on the list in the sale, with prices ranging from $120 to $1850. After mentioning the features, vendors share contact information.

Bulgaria Ministry of Finance Database is for Sale 

A database of Bulgarian citizens was found on a Telegram channel by the SOCRadar Dark Web team on 15 November. The database allegedly belongs to the Bulgarian Ministry of Finance and includes 1010 files of 11.5 GB. The vendor claims it is full of citizens’ data and sells the database for $6500.

Unauthorized Admin Access of an Insurance Company for Sale 

SOCRadar detected a new alleged authorized admin access sale post in a hacker forum on 15 November 2022. The access belongs to an insurance company. According to the vendor, the access leads to a panel where more than 37 million peoples’ data can be accessible. The sale is posted on Telegram, and the price tag for the access is 6BTC (~$100.000).

Sensitive Documents of Bangladesh Army are Leaked 

SOCRadar Dark Web Team has found a new post on a hacker forum that shares Bangladesh Army documents. In the post, no further explanation is made. Considering that only the documents leaked instead of databases. SOCRadar Analysts highlight that this situation might be related to a misconfigured bucket. 

Powered by DarkMirror™

Gaining visibility into deep and dark web threats can be extremely useful from an actionable threat intelligence and digital risk protection perspective. However, monitoring all sources is simply not feasible, which can be time-consuming and challenging. One click-by-mistake can result in malware bot infection. To tackle these challenges, SOCRadar’s DarkMirror™ screen empowers your SOC team to follow up with the latest posts of threat actors and groups filtered by the targeted country or industry.