OSINT#

People-data sources the operator pulls for credential collection, target development, pretexting, and pattern-of-life. Operators treat all entries as starting points; legality varies by jurisdiction, and every dump or marketplace has a half-life. Spot- check freshness and chain-of-custody before relying on the entry.

Breaches#

Known breaches that exposed records of citizens, residents, or domestic firms. Operators use these for credential reuse, social- engineering pretexts, and target enumeration. Cross-reference HaveIBeenPwned (HIBP), DeHashed, IntelX, Leak-Lookup, Snusbase, and the country’s data-protection authority breach register.

Breach

Year

Records

Sector

Source

Notes

to be filled

to be filled

to be filled

to be filled

to be filled

to be filled

Stealers#

Stealer-log marketplaces and Telegram channels distributing infostealer output (RedLine, Raccoon, Vidar, LummaC2, Stealc, Meta) that includes targets in the country. Operators use these for live credentials, cookies, and session tokens. Cross- reference Russian Market, 2easy, Telegram cloud channels, Hudson Rock, and Flashpoint.

Source

Type

Site

Coverage

Notes

to be filled

to be filled

to be filled

to be filled

to be filled

Dating#

Dating apps and sites with material user base in the country. Operators use these for HUMINT development, pretexting, geolocation (proximity features), and lifestyle indicators. Note local-language sites; pan-regional apps often have smaller share than the local incumbent.

Site

URL

Users

Notes

to be filled

to be filled

to be filled

to be filled

Social#

Social-media platforms with material reach in the country. Note which are dominant (Facebook, Telegram, VK, WeChat, LINE, Kuaishou, Naver, OK.ru, etc.), which are blocked, and which are subject to local registration or data-localisation requirements.

Platform

URL

Users

Status

Notes

to be filled

to be filled

to be filled

to be filled

to be filled