Digital Asset Redemption FAQs

 

Monitoring

  • What can you monitor for on the dark web?

    We can monitor for a variety of covered attributes such as IP addresses, domains, business-critical technologies, VIP individuals, and third parties such as contractors and suppliers.

  • What are “covered attributes”?

    Covered attributes are the criteria we monitor for on the dark web. During onboarding, the DAR Team will work with you to establish which attributes will provide the most benefit for your company. Options include IP addresses, domains, business-critical technologies, VIP individuals, and third parties such as contractors and suppliers.

  • Can you monitor for individual names as well as companies?

    Yes! Individual names (such as executives or high-profile individuals) are available to monitor as covered attributes.

  • How is this different from other (traditional) dark web monitoring?

    Traditional dark web monitoring is an important part of any security stack, but it is limited to automated monitoring and can only reach the most surface-level, “public”-facing dark web intelligence. Our operatives are embedded in private, invite-only forums, Telegram channels, and other comms that automated scans can’t reach. Because of this, we are also able to take covert actions that won’t raise alarms or provoke retaliation from the threat actors.

  • What do alerts look like?

    When we find a threat, we follow the Traffic Light Protocol (TLP) alerting designations and provide supporting details as well as recommended course(s) of action (COA) for you. We will discuss these COA(s) with you and then – if necessary – act on them with your approval or provide relevant information to the appropriate teams to assist with threat hunting.

  • How often will I get alerts?

    DRK_MDR is “quiet by design.” This means you won’t be sifting through mountains of alerts, but when you get an alert from us, you’re going to want to address it. Think of us like undercover field operatives as opposed to beat patrols.

Response

  • What does dark web response look like?

    It varies. Sometimes this means you will need to address an exploitable vulnerability in your technology or users’ access. Other times it could involve purchasing a data set or credentials while acting as another threat actor so as not to arouse suspicion. Every DRK_MDR alert comes with an informed, actionable recommended course of action (COA) for you.

  • Will you take action without telling us?

    Absolutely not.

  • How will we be alerted to threats?

    When we find a threat, we alert you via email and in the DRK_CACHE platform. We follow the Traffic Light Protocol (TLP) alerting designations and provide supporting details as well as recommended course(s) of action (COA) for you. We will discuss these COA(s) with you and then – if necessary – act on them with your approval or provide relevant information to the appropriate teams to assist with threat hunting.

  • Is this legal?

Compliant Payments

  • Will you make payments without telling us?

    No! Never! Any and all payments – big or small – will always need to be explicitly approved by the designated contacts at your organization.

  • What does “compliant payments” mean?

    We perform advanced attribution analysis to verify a payee’s identity, assess risk, and ensure payments don't violate sanctions. Our process includes crypto wallet management, compliance screening, and documentation of all due diligence steps. We work with authorities and sanctions lists such as the Office of Foreign Assets Control (OFAC), Global Affairs Canada, the United Nations Security Council Consolidated List, the EU Consolidated List of Persons, Groups and Entities, and more.

  • How do you know the crypto payments are going to the right place?

    We verify threat actor identities and wallet ownership through forward-deployed intelligence before any transaction. This includes tracing cryptocurrency flows and validating wallet addresses to prevent payments to impersonators or wrong parties. This process includes analyzing transaction patterns, wallet behaviors, and exchange relationships to confirm the payment destination matches our attribution intelligence.

Negotiations
