District 4

Overview

District 4’s flagship product, Darkside, is an open-source data solution that leverages one of the largest repositories of compromised credentials and other Person of Interest data (PII).

With over 40 billion records and millions of new records added daily from deep and dark web sources around the globe, Darkside is truly at the cutting edge of cyber threat intelligence data.

This data is essential for any online investigation, especially those involving adversarial or anonymous threat actors.

When paired with the link analysis power of Maltego, investigators can quickly pivot off email addresses, domains, IP addresses, names, passwords and other PII to unravel a subject’s online presence; identify threat actors; determine a company’s breach exposure and perform cutting-edge OSINT investigations.

Read more about District4 Transforms for Maltego here.

Pricing & Access

Community Hub

District4 Transforms are only available to Maltego commercial plan users.

Commercial Hub

Users with a Maltego One license have the following purchase options:

• CLICK-AND-RUN

Simply install the Hub item and start using the Transforms in your Maltego plan

• Maltego Enterprise: 50 Transform Runs / month

• DATA SUBSCRIPTION

Purchase annual data subscriptions by reaching out to support@maltego.com.

• BRING YOUR OWN KEY

Plug in your District4 API key to install and use the Transforms in Maltego.

District 4 Transforms

D4 - Extract Personally Identifiable Information (PII)

Description

Extract meaningful Person of Interest data (PII) from record as well as social media profiles when available.

Transform Settings

Transform Meta Info

D4 - Leaked Records Search (password)

Description

Search plain-text or passwords that have been cracked by D4.

Transform Settings

Transform Meta Info

D4 - Leaked Records Search (phrase)

Description

Search records for information in other fields like bio, signature, description, userid, connected accounts, etc.

Transform Settings

Transform Meta Info

D4 - Leaked Records Search (phone)

Description

Search records by phone number. Punctuation and spaces do NOT matter. We recommend you search with and without the country code.

Transform Settings

Transform Meta Info

D4 - Leaked Records Search (person)

Description

Search records by name. Order is irrelevant: search is for each term in your query in the name field, e.g., 'John Smith' will return records for 'John Smith', 'Smith John', 'John Robert Smith', etc.

Transform Settings

Transform Meta Info

D4 - Leaked Records Search (ip)

Description

Search records by IPv4 or IPv6 address.

Transform Settings

Transform Meta Info

D4 - Leaked Records Search (email)

Description

Search by email address. Punctuation in the email handle does NOT matter, so 'johnsmith@aol.com' will return records with 'john_smith@aol.com', john.s.mith@aol.com', etc.

Transform Settings

Transform Meta Info

D4 - Leaked Records Search (domain)

Description

Search for records by domain.

Transform Settings

Transform Meta Info

D4 - Leaked Records Search (complex)

Description

Search records leveraging an 'AND' query to filter results.

Transform Settings

Transform Meta Info

D4 - Leaked Records Search (alias)

Description

Search by Alias. Punctuation in the email handle does NOT matter, so 'johnsmith' will return records with 'john_smith', john.s.mith!', etc.

Transform Settings

Transform Meta Info

D4 - Email Wildcard Maker

Description

Creates Entity to facilitate searches for a given username as part of an email address.

Transform Settings

Transform Meta Info

D4 - Create Complex Search

Description

Create complex search Entity to allow you to filter searches. A wildcard '*' is allowed at the end of each term.

Transform Settings

Transform Meta Info

Variants

D4 - Wildcard Email Maker

Description

Creates an Entity to facilitate searches for a given username as part of an email address, e.g., johnsmith will capture johnsmith@aol.com, johnsmith123@gmail.com, etc.

Transform Settings

Transform Meta Info