FAQ Overview

Tracker

What websites are currently included in the monitoring?

The system is currently monitoring the following ransomware and data leak sites:

Ransomware

  • Akira
  • Abyss
  • AlphV / Black Cat
  • Arcane
  • AstroLocker
  • AtomSilo
  • Avaddon
  • AvosLocker
  • Babuk
  • BianLian
  • BlackBasta
  • BlackByte
  • BlackMatter
  • BlogXX
  • Cheers
  • CL0P
  • Colossus
  • Conti
  • CrossLock
  • CryptNet
  • CUBA
  • DarkPower
  • Darkrypt
  • DarkSide
  • Defray / RansomEXX
  • DoppelPaymer
  • Dunghill Leak / Dark Angels
  • Entropy
  • Everest
  • Grief
  • Groove
  • Haron
  • HiveLeaks
  • Hotarus
  • IceFire (not displayed in the dashboard due to unclear attribution)
  • IndustrialSpy
  • Izis
  • Karma
  • Lilith
  • LockBit 2.0
  • LockBit 3.0
  • LockData
  • Lorenz
  • LV
  • Makop
  • Mallox
  • Medusa
  • MedusaLocker
  • Midas
  • Mindware
  • MoneyMessage
  • Monti
  • Moses Staff
  • MountLocker
  • N3tworm
  • Nefilim
  • NightSky
  • Nokoyawa
  • Onyx
  • Pandora
  • Pay2Key
  • payload.bin
  • PLAY
  • Prometheus
  • PYSA
  • Qilin
  • Quantum
  • RA Group
  • RagnarLocker
  • Ragnarok
  • RansomHouse
  • RanzyLeak
  • REvil
  • RedAlert
  • Relic
  • Rook
  • Royal
  • Sabbath / 54bb47h
  • Sparta
  • Spook
  • Stormous
  • SunCrypt
  • Trigona
  • UnSafe
  • ViceSociety
  • VisVendetta
  • XingTeam
  • Yanluowang

Data Leak Sites (DLS)

  • Abrahams Ax
  • Arvin Club
  • Blacktor
  • Bonaci
  • CoomingProject
  • DataLeak
  • Donut Leaks
  • Karakurt
  • Marketo
  • RobinHoodLeaks
  • Snatch

Author: Corsin Camichel
Last update: 2023-04-30 15:56


How often is data updated?

The tracker system collects information around the clock, 7 days a week. Expect a delay of up to 60 minutes for new entries. Each event is then enriched with additional details, which can take up to 48 hours.

Author: Corsin Camichel
Last update: 2022-02-04 13:34


How are events enriched?

The tracker system uses a commercial enrichment service that gathers additional information such as company name, sector, website, and employee count from LinkedIn.

Author: Corsin Camichel
Last update: 2022-02-04 13:50


Profile: Keyword Settings

Keyword Alerts in the Dashboard

Screenshot of profile settings

Your personal profile page allows you to perform two actions around keywords:

  1. Adding a list of keywords of interest
    1. Keywords defined in this text area are used to search for matches in the following fields:
      1. Event name/company name
      2. Sector
      3. Country
  2. Selecting an option to highlight keywords in the dashboard table

Matched events in the dashboard will be marked with the following icon:
You will also be able to filter for all keyword hits in the table.

Email Alerts

This is a feature for "Professional" subscriptions only.

The keywords you define in your profile settings are also used to send you email alerts when a keyword matches a new event. To enable this feature, select the option "Keyword alert" and save the changes.

Email keyword alerts are executed once every hour.

Author: Corsin Camichel
Last update: 2022-05-20 22:01


JSON and CSV export options

This is a feature for "Professional" subscriptions only.

To automate and integrate the data available in the dashboard, we recommend using one of the export options, which let you easily ingest new events. Select the format (JSON: JavaScript Object Notation, or CSV: Comma-Separated Values) and the time range (last hour, last 24 hours, today, yesterday, this month, last month), add the X-API-Key authentication header (the API key can be found in your profile settings), and you are ready to fetch and ingest the data.

JSON export

The JSON format is straightforward and includes many of the values also displayed in the dashboard:

{
	"data": [{
		"id": "REMOVED",
		"first_seen": "2022-01-01 REMOVED",
		"last_seen": "2022-01-01 REMOVED",
		"leak_site": "REMOVED",
		"leak_title": "REMOVED",
		"country": "REMOVED",
		"sector": "REMOVED",
		"name": "REMOVED",
		"website": "REMOVED",
		"employees": "REMOVED",
		"keyword": "REMOVED",
		"leak_domain": "http://REMOVED.onion/",
		"leak_url": "http://REMOVED.onion/post/REMOVED",
		"duplicate": "REMOVED",
		"data_leak": "False",
		"data_leak_seen": ""
	}]
}
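An added example (not eCrime.ch code) of ingesting a JSON export body into an alerting pipeline: it skips malformed records, de-duplicates by "id" across overlapping time ranges, matches a watchlist, and defangs the leak-site URL before it reaches a ticket. The sample records, the watchlist, and the mapping of the keyword-matching fields to JSON keys are assumptions; fetching the export with the X-API-Key header is left out because the endpoint is not shown here.

```python
import json

REQUIRED = ("id", "leak_site", "name", "sector", "country", "leak_url", "data_leak")
# Assumed mapping of "event name/company name, sector, country" to JSON keys.
MATCH_FIELDS = ("leak_title", "name", "sector", "country")

def to_bool(value):
    """The export carries booleans as strings such as "False"."""
    return str(value).strip().lower() == "true"

def defang(url):
    """Make a leak-site URL non-clickable before it reaches tickets or chat."""
    return url.replace("http", "hxxp", 1).replace(".onion", "[.]onion")

def triage(export_text, watchlist, seen_ids):
    """Return alerts for new events that match the watchlist; updates seen_ids."""
    alerts = []
    for event in json.loads(export_text).get("data", []):
        if any(key not in event for key in REQUIRED):
            continue  # malformed record: skip it rather than crash the pipeline
        if event["id"] in seen_ids:
            continue  # overlapping time ranges return the same event again
        seen_ids.add(event["id"])
        haystack = " ".join(str(event.get(f, "")) for f in MATCH_FIELDS).lower()
        hits = sorted(k for k in watchlist if k.lower() in haystack)
        if hits:
            alerts.append({"id": event["id"], "victim": event["name"],
                           "leak_site": event["leak_site"], "keywords": hits,
                           "data_leaked": to_bool(event["data_leak"]),
                           "leak_url": defang(event["leak_url"])})
    return alerts

def _sample(i, name, sector, country, leaked="False"):
    # Constructed record in the shape of the JSON export above; all values invented.
    return {"id": str(i), "first_seen": "2022-01-01", "last_seen": "2022-01-01",
            "leak_site": "ExampleGroup", "leak_title": name, "country": country,
            "sector": sector, "name": name, "website": "", "employees": "",
            "keyword": "", "leak_domain": "http://example.onion/",
            "leak_url": f"http://example.onion/post/{i}", "duplicate": "",
            "data_leak": leaked, "data_leak_seen": ""}

SAMPLE = json.dumps({"data": [
    _sample(1, "Acme Logistics AG", "Transportation", "CH", "True"),
    _sample(2, "Unrelated Corp", "Retail", "US"),
    {"id": "3"},  # constructed truncated record
]})

if __name__ == "__main__":
    seen = set()
    for _ in range(2):  # the second pull of the same data yields no new alerts
        print(triage(SAMPLE, {"acme", "Healthcare"}, seen))
```

Matching is by case-insensitive substring, so very short watchlist entries (for example a two-letter country code) will over-match.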

CSV export

A CSV export document also contains almost all the values displayed on the dashboard:

"id","first_seen","last_seen","leak_site","leak_title","country","sector","name","website","employees","keyword","leaksite_domain","leaksite_url","data_leak","data_leak_seen"
"REMOVED","2022-01-01 REMOVED","2022-01-01 REMOVED","REMOVED","REMOVED","REMOVED","REMOVED","REMOVED","REMOVED","REMOVED","false"

Author: Corsin Camichel
Last update: 2022-07-31 19:27


Browser Extension

Installation of the eCrime.ch browser extension

To install and enable the extension, please go to the extension page on the Google Chrome Webstore:

https://chromewebstore.google.com/u/1/detail/ecrimech-lookup-plugin/iiglhgknkglaneblkhnhhbeedakfkfcp?hl=en

  1. Click the "Add to Chrome" button on the page.
  2. Once the extension is installed and enabled, make sure to pin the extension as follows:
    1. Click the general extension icon in Chrome.
    2. Next to the eCrime.ch extension, click the pin icon.
    3. The eCrime.ch icon is now displayed all the time.
  3. Click the eCrime.ch extension icon and select "Back to API Keys".
  4. On the settings page, enter your personalized API Key. You can find the API Key on your profile page.
  5. Once you have entered the key and clicked save, a notification displays that the domain list was fetched and the extension is ready.
  6. Now, whenever you browse a URL, the extension checks if eCrime.ch has any details on a cyber security incident.

Author: Corsin Camichel
Last update: 2023-11-23 12:47