github.com/curated-intel/…
Access Brokers
| Date | Threat(s) | Source |
|---|---|---|
| 23 JAN | Access broker "Mont4na" offering UkrFerry | RaidForums [not linked] |
| 23 JAN | Access broker "Mont4na" offering PrivatBank | RaidForums [not linked] |
| 24 JAN | Access broker "Mont4na" offering DTEK | RaidForums [not linked] |
| 27 FEB | KelvinSecurity Sharing list of IP cameras in Ukraine | vHUMINT [closed source] |
| 28 FEB | "w1nte4mute" looking to buy access to UA and NATO countries (likely ransomware affiliate) | vHUMINT [closed source] |
Data Brokers
| Threat Actor | Type | Observation | Validated | Relevance | Source |
|---|---|---|---|---|---|
| aguyinachair | UA data sharing | PII DB of ukraine.com (shared as part of a generic compilation) | No | TA discussion in past 90 days | ELeaks Forum [not linked] |
| an3key | UA data sharing | DB of Ministry of Communities and Territories Development of Ukraine (minregion[.]gov[.]ua) | No | TA discussion in past 90 days | RaidForums [not linked; site hijacked since UA invasion] |
| an3key | UA data sharing | DB of Ukrainian Ministry of Internal Affairs (wanted[.]mvs[.]gov[.]ua) | No | TA discussion in past 90 days | RaidForums [not linked; site hijacked since UA invasion] |
| CorelDraw | UA data sharing | PII DB (40M) of PrivatBank customers (privatbank[.]ua) | No | TA discussion in past 90 days | RaidForums [not linked; site hijacked since UA invasion] |
| CorelDraw | UA data sharing | DB of "border crossing" DBs of DPR and LPR | No | TA discussion in past 90 days | RaidForums [not linked; site hijacked since UA invasion] |
| CorelDraw | UA data sharing | PII DB (7.5M) of Ukrainian passports | No | TA discussion in past 90 days | RaidForums [not linked; site hijacked since UA invasion] |
| CorelDraw | UA data sharing | PII DB of Ukrainian car registration, license plates, Ukrainian traffic police records | No | TA discussion in past 90 days | RaidForums [not linked; site hijacked since UA invasion] |
| CorelDraw | UA data sharing | PII DB (2.1M) of Ukrainian citizens | No | TA discussion in past 90 days | RaidForums [not linked; site hijacked since UA invasion] |
| CorelDraw | UA data sharing | PII DB (28M) of Ukrainian citizens (passports, drivers licenses, photos) | No | TA discussion in past 90 days | RaidForums [not linked; site hijacked since UA invasion] |
| CorelDraw | UA data sharing | PII DB (1M) of Ukrainian postal/courier service customers (novaposhta[.]ua) | No | TA discussion in past 90 days | RaidForums [not linked; site hijacked since UA invasion] |
| CorelDraw | UA data sharing | PII DB (10M) of Ukrainian telecom customers (vodafone[.]ua) | No | TA discussion in past 90 days | RaidForums [not linked; site hijacked since UA invasion] |
| CorelDraw | UA data sharing | PII DB (3M) of Ukrainian telecom customers (lifecell[.]ua) | No | TA discussion in past 90 days | RaidForums [not linked; site hijacked since UA invasion] |
| CorelDraw | UA data sharing | PII DB (13M) of Ukrainian telecom customers (kyivstar[.]ua) | No | TA discussion in past 90 days | RaidForums [not linked; site hijacked since UA invasion] |
| danieltx51 | UA data sharing | DB of Ministry of Foreign Affairs of Ukraine (mfa[.]gov[.]ua) | No | TA discussion in past 90 days | RaidForums [not linked; site hijacked since UA invasion] |
| DueDiligenceCIS | UA data sharing | PII DB (63M) of Ukrainian citizens (name, DOB, birth country, phone, TIN, passport, family, etc) | No | TA discussion in past 90 days | RaidForums [not linked; site hijacked since UA invasion] |
| Featherine | UA data sharing | DB of Ukrainian 'Diia' e-Governance Portal for Ministry of Digital Transformation of Ukraine | No | TA discussion in past 90 days | RaidForums [not linked; site hijacked since UA invasion] |
| FreeCivilian | UA data sharing | DB of Ministry for Internal Affairs of Ukraine public data search engine (wanted[.]mvs[.]gov[.]ua) | No | TA discussion in past 90 days | RaidForums [not linked; site hijacked since UA invasion] |
| FreeCivilian | UA data sharing | DB of Ministry for Communities and Territories Development of Ukraine (minregion[.]gov[.]ua) | No | TA discussion in past 90 days | RaidForums [not linked; site hijacked since UA invasion] |
| FreeCivilian | UA data sharing | DB of Motor Insurance Bureau of Ukraine (mtsbu[.]ua) | No | TA discussion in past 90 days | RaidForums [not linked; site hijacked since UA invasion] |
| FreeCivilian | UA data sharing | PII DB of Ukrainian digital-medicine provider (medstar[.]ua) | No | TA discussion in past 90 days | RaidForums [not linked; site hijacked since UA invasion] |
| FreeCivilian | UA data sharing | DB of ticket.kyivcity.gov.ua | No | TA discussion in past 90 days | FreeCivilian .onion [not linked] |
| FreeCivilian | UA data sharing | DB of id.kyivcity.gov.ua | No | TA discussion in past 90 days | FreeCivilian .onion [not linked] |
| FreeCivilian | UA data sharing | DB of my.kyivcity.gov.ua | No | TA discussion in past 90 days | FreeCivilian .onion [not linked] |
| FreeCivilian | UA data sharing | DB of portal.kyivcity.gov.ua | No | TA discussion in past 90 days | FreeCivilian .onion [not linked] |
| FreeCivilian | UA data sharing | DB of anti-violence-map.msp.gov.ua | No | TA discussion in past 90 days | FreeCivilian .onion [not linked] |
| FreeCivilian | UA data sharing | DB of dopomoga.msp.gov.ua | No | TA discussion in past 90 days | FreeCivilian .onion [not linked] |
| FreeCivilian | UA data sharing | DB of e-services.msp.gov.ua | No | TA discussion in past 90 days | FreeCivilian .onion [not linked] |
| FreeCivilian | UA data sharing | DB of edu.msp.gov.ua | No | TA discussion in past 90 days | FreeCivilian .onion [not linked] |
| FreeCivilian | UA data sharing | DB of education.msp.gov.ua | No | TA discussion in past 90 days | FreeCivilian .onion [not linked] |
| FreeCivilian | UA data sharing | DB of ek-cbi.msp.gov.ua | No | TA discussion in past 90 days | FreeCivilian .onion [not linked] |
| FreeCivilian | UA data sharing | DB of mail.msp.gov.ua | No | TA discussion in past 90 days | FreeCivilian .onion [not linked] |
| FreeCivilian | UA data sharing | DB of portal-gromady.msp.gov.ua | No | TA discussion in past 90 days | FreeCivilian .onion [not linked] |
| FreeCivilian | UA data sharing | DB of web-minsoc.msp.gov.ua | No | TA discussion in past 90 days | FreeCivilian .onion [not linked] |
| FreeCivilian | UA data sharing | DB of wcs-wim.dsbt.gov.ua | No | TA discussion in past 90 days | FreeCivilian .onion [not linked] |
| FreeCivilian | UA data sharing | DB of bdr.mvs.gov.ua | No | TA discussion in past 90 days | FreeCivilian .onion [not linked] |
| FreeCivilian | UA data sharing | DB of motorsich.com | No | TA discussion in past 90 days | FreeCivilian .onion [not linked] |
| FreeCivilian | UA data sharing | DB of dsns.gov.ua | No | TA discussion in past 90 days | FreeCivilian .onion [not linked] |
| FreeCivilian | UA data sharing | DB of mon.gov.ua | No | TA discussion in past 90 days | FreeCivilian .onion [not linked] |
| FreeCivilian | UA data sharing | DB of minagro.gov.ua | No | TA discussion in past 90 days | FreeCivilian .onion [not linked] |
| FreeCivilian | UA data sharing | DB of zt.gov.ua | No | TA discussion in past 90 days | FreeCivilian .onion [not linked] |
| FreeCivilian | UA data sharing | DB of kmu.gov.ua | No | TA discussion in past 90 days | FreeCivilian .onion [not linked] |
| FreeCivilian | UA data sharing | DB of mvs.gov.ua | No | TA discussion in past 90 days | FreeCivilian .onion [not linked] |
| FreeCivilian | UA data sharing | DB of dsbt.gov.ua | No | TA discussion in past 90 days | FreeCivilian .onion [not linked] |
| FreeCivilian | UA data sharing | DB of forest.gov.ua | No | TA discussion in past 90 days | FreeCivilian .onion [not linked] |
| FreeCivilian | UA data sharing | DB of nkrzi.gov.ua | No | TA discussion in past 90 days | FreeCivilian .onion [not linked] |
| FreeCivilian | UA data sharing | DB of dabi.gov.ua | No | TA discussion in past 90 days | FreeCivilian .onion [not linked] |
| FreeCivilian | UA data sharing | DB of comin.gov.ua | No | TA discussion in past 90 days | FreeCivilian .onion [not linked] |
| FreeCivilian | UA data sharing | DB of dp.dpss.gov.ua | No | TA discussion in past 90 days | FreeCivilian .onion [not linked] |
| FreeCivilian | UA data sharing | DB of esbu.gov.ua | No | TA discussion in past 90 days | FreeCivilian .onion [not linked] |
| FreeCivilian | UA data sharing | DB of mms.gov.ua | No | TA discussion in past 90 days | FreeCivilian .onion [not linked] |
| FreeCivilian | UA data sharing | DB of mova.gov.ua | No | TA discussion in past 90 days | FreeCivilian .onion [not linked] |
| FreeCivilian | UA data sharing | DB of mspu.gov.ua | No | TA discussion in past 90 days | FreeCivilian .onion [not linked] |
| FreeCivilian | UA data sharing | DB of nads.gov.ua | No | TA discussion in past 90 days | FreeCivilian .onion [not linked] |
| FreeCivilian | UA data sharing | DB of reintegration.gov.ua | No | TA discussion in past 90 days | FreeCivilian .onion [not linked] |
| FreeCivilian | UA data sharing | DB of sies.gov.ua | No | TA discussion in past 90 days | FreeCivilian .onion [not linked] |
| FreeCivilian | UA data sharing | DB of sport.gov.ua | No | TA discussion in past 90 days | FreeCivilian .onion [not linked] |
| FreeCivilian | UA data sharing | DB of mepr.gov.ua | No | TA discussion in past 90 days | FreeCivilian .onion [not linked] |
| FreeCivilian | UA data sharing | DB of mfa.gov.ua | No | TA discussion in past 90 days | FreeCivilian .onion [not linked] |
| FreeCivilian | UA data sharing | DB of va.gov.ua | No | TA discussion in past 90 days | FreeCivilian .onion [not linked] |
| FreeCivilian | UA data sharing | DB of mtu.gov.ua | No | TA discussion in past 90 days | FreeCivilian .onion [not linked] |
| FreeCivilian | UA data sharing | DB of cg.mvs.gov.ua | No | TA discussion in past 90 days | FreeCivilian .onion [not linked] |
| FreeCivilian | UA data sharing | DB of ch-tmo.mvs.gov.ua | No | TA discussion in past 90 days | FreeCivilian .onion [not linked] |
| FreeCivilian | UA data sharing | DB of cp.mvs.gov.ua | No | TA discussion in past 90 days | FreeCivilian .onion [not linked] |
| FreeCivilian | UA data sharing | DB of cpd.mvs.gov.ua | No | TA discussion in past 90 days | FreeCivilian .onion [not linked] |
| FreeCivilian | UA data sharing | DB of hutirvilnij-mrc.mvs.gov.ua | No | TA discussion in past 90 days | FreeCivilian .onion [not linked] |
| FreeCivilian | UA data sharing | DB of dndekc.mvs.gov.ua | No | TA discussion in past 90 days | FreeCivilian .onion [not linked] |
| FreeCivilian | UA data sharing | DB of visnyk.dndekc.mvs.gov.ua | No | TA discussion in past 90 days | FreeCivilian .onion [not linked] |
| FreeCivilian | UA data sharing | DB of dpvs.hsc.gov.ua | No | TA discussion in past 90 days | FreeCivilian .onion [not linked] |
| FreeCivilian | UA data sharing | DB of odk.mvs.gov.ua | No | TA discussion in past 90 days | FreeCivilian .onion [not linked] |
| FreeCivilian | UA data sharing | DB of e-driver[.]hsc[.]gov[.]ua | No | TA discussion in past 90 days | FreeCivilian .onion [not linked] |
| FreeCivilian | UA data sharing | DB of wanted[.]mvs[.]gov[.]ua | No | TA discussion in past 90 days | FreeCivilian .onion [not linked] |
| FreeCivilian | UA data sharing | DB of minregeion[.]gov[.]ua | No | TA discussion in past 90 days | FreeCivilian .onion [not linked] |
| FreeCivilian | UA data sharing | DB of health[.]mia[.]solutions | No | TA discussion in past 90 days | FreeCivilian .onion [not linked] |
| FreeCivilian | UA data sharing | DB of mtsbu[.]ua | No | TA discussion in past 90 days | FreeCivilian .onion [not linked] |
| FreeCivilian | UA data sharing | DB of motorsich[.]com | No | TA discussion in past 90 days | FreeCivilian .onion [not linked] |
| FreeCivilian | UA data sharing | DB of kyivcity[.]com | No | TA discussion in past 90 days | FreeCivilian .onion [not linked] |
| FreeCivilian | UA data sharing | DB of bdr[.]mvs[.]gov[.]ua | No | TA discussion in past 90 days | FreeCivilian .onion [not linked] |
| FreeCivilian | UA data sharing | DB of gkh[.]in[.]ua | No | TA discussion in past 90 days | FreeCivilian .onion [not linked] |
| FreeCivilian | UA data sharing | DB of kmu[.]gov[.]ua | No | TA discussion in past 90 days | FreeCivilian .onion [not linked] |
| FreeCivilian | UA data sharing | DB of mon[.]gov[.]ua | No | TA discussion in past 90 days | FreeCivilian .onion [not linked] |
| FreeCivilian | UA data sharing | DB of minagro[.]gov[.]ua | No | TA discussion in past 90 days | FreeCivilian .onion [not linked] |
| FreeCivilian | UA data sharing | DB of mfa[.]gov[.]ua | No | TA discussion in past 90 days | FreeCivilian .onion [not linked] |
| Intel_Data | UA data sharing | PII DB (56M) of Ukrainian Citizens | No | TA discussion in past 90 days | RaidForums [not linked; site hijacked since UA invasion] |
| Kristina | UA data sharing | DB of Ukrainian National Police (mvs[.]gov[.]ua) | No | TA discussion in past 90 days | RaidForums [not linked; site hijacked since UA invasion] |
| NetSec | UA data sharing | PII DB (53M) of Ukrainian citizens | No | TA discussion in past 90 days | RaidForums [not linked; site hijacked since UA invasion] |
| Psycho_Killer | UA data sharing | PII DB (56M) of Ukrainian Citizens | No | TA discussion in past 90 days | Exploit Forum .onion [not linked] |
| Sp333 | UA data sharing | PII DB of Ukrainian and Russian interpreters, translators, and tour guides | No | TA discussion in past 90 days | RaidForums [not linked; site hijacked since UA invasion] |
| Vaticano | UA data sharing | DB of Ukrainian 'Diia' e-Governance Portal for Ministry of Digital Transformation of Ukraine [copy] | No | TA discussion in past 90 days | RaidForums [not linked; site hijacked since UA invasion] |
| Vaticano | UA data sharing | DB of Ministry for Communities and Territories Development of Ukraine (minregion[.]gov[.]ua) [copy] | No | TA discussion in past 90 days | RaidForums [not linked; site hijacked since UA invasion] |
Vetted OSINT Sources
| Handle | Affiliation |
|---|---|
| @KyivIndependent | English-language journalism in Ukraine |
| @IAPonomarenko | Defense reporter with The Kyiv Independent |
| @KyivPost | English-language journalism in Ukraine |
| @Shayan86 | BBC World News Disinformation journalist |
| @Liveuamap | Live Universal Awareness Map (“Liveuamap”) independent global news and information site |
| @DAlperovitch | The Alperovitch Institute for Cybersecurity Studies, Founder & Former CTO of CrowdStrike |
| @COUPSURE | OSINT investigator for Centre for Information Resilience |
| @netblocks | London-based Internet's Observatory |
