Overview
District 4’s flagship product, Darkside, is an open-source data solution that leverages one of the largest repositories of compromised credentials and other Person of Interest data (PII).
With over 40 billion records and millions of new records added daily from deep and dark web sources around the globe, Darkside is truly at the cutting edge of cyber threat intelligence data.
This data is essential for any online investigation, especially those involving adversarial or anonymous threat actors.
When paired with the link analysis power of Maltego, investigators can quickly pivot off email addresses, domains, IP addresses, names, passwords and other PII to unravel a subject’s online presence; identify threat actors; determine a company’s breach exposure and perform cutting-edge OSINT investigations.
Read more about District4 Transforms for Maltego here.
Description
Extract meaningful Person of Interest data (PII) from record as well as social media profiles when available.
| APIKey | API Key | string | | True | True | False |
| Display Name | D4 - Extract Personally Identifiable Information |
| Owner | District4 |
| Author | info@district4labs.com |
| Data Source | D4 |
| Transform Name | d4piiext |
| Short Description | Extract meaningful PII from record. |
| Input Entities | district4.CompromisedRecord |
| Output Entities | Phrase |
D4 - Leaked Records Search (password)
Description
Search plain-text or passwords that have been cracked by D4.
| APIKey | API Key | string | | True | True | False |
| Display Name | D4 - Leaked Records Search (password) |
| Owner | District4 |
| Author | info@district4labs.com |
| Data Source | D4 |
| Transform Name | d4PIIcredsearchpw |
| Short Description | Search passwords cracked by D4 |
| Input Entities | district4.Password |
| Output Entities | Phrase |
D4 - Leaked Records Search (phrase)
Description
Search records for information in other fields like bio, signature, description, userid, connected accounts, etc.
| APIKey | API Key | string | | True | True | False |
| Display Name | D4 - Leaked Records Search (phrase) |
| Owner | District4 |
| Author | info@district4labs.com |
| Data Source | D4 |
| Transform Name | d4PIIcredsearchphrase |
| Short Description | Search records by Phrase |
| Input Entities | maltego.Phrase |
| Output Entities | Phrase |
D4 - Leaked Records Search (phone)
Description
Search records by phone number. Punctuation and spaces do NOT matter. We recommend you search with and without the country code.
| APIKey | API Key | string | | True | True | False |
| Display Name | D4 - Leaked Records Search (phone) |
| Owner | District4 |
| Author | info@district4labs.com |
| Data Source | D4 |
| Transform Name | d4PIIcredsearchphone |
| Short Description | Search records by phone number. |
| Input Entities | maltego.PhoneNumber |
| Output Entities | Phrase |
D4 - Leaked Records Search (person)
Description
Search records by name. Order is irrelevant: search is for each term in your query in the name field, e.g., 'John Smith' will return records for 'John Smith', 'Smith John', 'John Robert Smith', etc.
| APIKey | API Key | string | | True | True | False |
| Display Name | D4 - Leaked Records Search (person) |
| Owner | District4 |
| Author | info@district4labs.com |
| Data Source | D4 |
| Transform Name | d4PIIcredsearchperson |
| Short Description | Search records by person Name. |
| Input Entities | maltego.Person |
| Output Entities | Phrase |
D4 - Leaked Records Search (ip)
Description
Search records by IPv4 or IPv6 address.
| APIKey | API Key | string | | True | True | False |
| Display Name | D4 - Leaked Records Search (ip) |
| Owner | District4 |
| Author | info@district4labs.com |
| Data Source | D4 |
| Transform Name | d4PIIcredsearchip |
| Short Description | Search records by IP |
| Input Entities | maltego.IPv4Address |
| Output Entities | Phrase |
D4 - Leaked Records Search (email)
Description
Search by email address. Punctuation in the email handle does NOT matter, so 'johnsmith@aol.com' will return records with 'john_smith@aol.com', john.s.mith@aol.com', etc.
| APIKey | API Key | string | | True | True | False |
| Display Name | D4 - Leaked Records Search (email) |
| Owner | District4 |
| Author | info@district4labs.com |
| Data Source | D4 |
| Transform Name | d4PIIcredsearchemail |
| Short Description | Search by email address. |
| Input Entities | maltego.EmailAddress |
| Output Entities | Phrase |
D4 - Leaked Records Search (domain)
Description
Search for records by domain.
| APIKey | API Key | string | | True | True | False |
| Display Name | D4 - Leaked Records Search (domain) |
| Owner | District4 |
| Author | info@district4labs.com |
| Data Source | D4 |
| Transform Name | d4PIIcredsearchdomain |
| Short Description | Search records by domain. |
| Input Entities | maltego.Domain |
| Output Entities | Phrase |
D4 - Leaked Records Search (complex)
Description
Search records leveraging an 'AND' query to filter results.
| APIKey | API Key | string | | True | True | False |
| Display Name | D4 - Leaked Records Search (complex) |
| Owner | District4 |
| Author | info@district4labs.com |
| Data Source | D4 |
| Transform Name | d4PIIcredsearchcomplex |
| Short Description | Search records - complex terms |
| Input Entities | district4.D4ComplexSearch |
| Output Entities | Phrase |
D4 - Leaked Records Search (alias)
Description
Search by Alias. Punctuation in the email handle does NOT matter, so 'johnsmith' will return records with 'john_smith', john.s.mith!', etc.
| APIKey | API Key | string | | True | True | False |
| Display Name | D4 - Leaked Records Search (alias) |
| Owner | District4 |
| Author | info@district4labs.com |
| Data Source | D4 |
| Transform Name | d4PIIcredsearchalias |
| Short Description | Search records by alias. |
| Input Entities | maltego.Alias |
| Output Entities | Phrase |
D4 - Email Wildcard Maker
Description
Creates Entity to facilitate searches for a given username as part of an email address.
| APIKey | API Key | string | | True | True | False |
| Display Name | D4 - Email Wildcard Maker |
| Owner | District4 |
| Author | info@district4labs.com |
| Data Source | D4 |
| Transform Name | d4emailwild |
| Short Description | Create wildcard email so you can search for the handle as a substring in the email field. |
| Input Entities | maltego.EmailAddress |
| Output Entities | Phrase |
D4 - Create Complex Search
Description
Create complex search Entity to allow you to filter searches. A wildcard '*' is allowed at the end of each term.
| APIKey | API Key | string | | True | True | False |
| Display Name | D4 - Create Complex Search |
| Owner | District4 |
| Author | info@district4labs.com |
| Data Source | D4 |
| Short Description | Create complex search Entity to allow you to filter searches |
| Output Entities | Phrase |
Variants
| d4complexperson | maltego.Person |
| d4complexpassword | district4.Password |
| d4complexdomain | maltego.Domain |
| d4complexalias | maltego.Alias |
D4 - Wildcard Email Maker
Description
Creates an Entity to facilitate searches for a given username as part of an email address, e.g., johnsmith will capture johnsmith@aol.com, johnsmith123@gmail.com, etc.
| APIKey | API Key | string | | True | True | False |
| Display Name | D4 - Wildcard Email Maker |
| Owner | District4 |
| Author | info@district4labs.com |
| Data Source | D4 |
| Transform Name | d4aliaswild |
| Short Description | Create wildcard email so you can search for the handle as a substring in the email field. |
| Input Entities | maltego.Alias |
| Output Entities | Phrase |
