XARVIS

AI-powered Cybercrime Intelligence Platform. Collects and refines threat data from anonymous channels including Dark web, Telegram and social media platforms. Track cybercrimes with graph analysis and user profiling tools.

Product Overview
About XARVIS
  • About XARVIS
  • Why XARVIS?
  • Key features
  • Use Cases
Cybercrime Intelligence Platform
Connect clues to gain investigative insight

XARVIS is a comprehensive deep and dark web monitoring and data-collection solution that covers anonymous channels such as the dark web, Telegram, and social media. Built to support national security and investigative work, it gathers and organizes information that can be used to track specific cyber incidents and monitor scam-related activity, including the individuals and groups behind them.​

World's First Dark Web Specialized AI Language Model

Powered by DarkBERT, the world’s first language model specialized for the dark web, XARVIS refines and analyzes data from hidden channels, user behavior patterns, and crypto flows to uncover how threat actors operate. It provides clear, actionable intelligence that supports effective cybercrime investigation and threat analysis.​

Importance of Dark Web Monitoring
Why XARVIS?
Real-Time Evidence Collection

XARVIS automatically gathers text, images, files, and activity traces from hidden channels, giving investigators quick access to original context and searchable evidence.

- Continuous monitoring across the Deep & Dark Web, Telegram, and social media
- Unified search with original-page access, including edited or deleted posts
- Fast retrieval of evidences needed to establish incident context

Connecting Clues to Identify Threat Actors

Scattered identifiers, crypto addresses, and metadata are consolidated and visualized, making it easier to see relationships and follow investigative leads.

- Graph Analysis for multi-domain correlation
- Mapping links across Bitcoin addresses, Telegram IDs, email accounts, and more
- Evidence Board views showing how clues fit together

Tracing Cryptocurrency Flow

XARVIS tracks wallet activity to reveal laundering routes and suspicious transfers.

- Distinguishes wallet types and summarizes transaction history
- GeoTrace surfaces location clues from crypto and IP data
- Integrated visualization of asset flow across networks

Querying Essential Investigative Intelligence

DarkCHAT lets investigators search and review large, complex criminal datasets through simple natural-language queries. It also provides access to real-time leak data, original posts, industry impact statistics, and similar case insights, helping streamline time-consuming investigative work.

XARVIS Key features
  • Dark Web / Telegram Monitoring
    - Collects posts, images, files, and identifiers in real time
    - Detects emerging threats and anomalies early
    - Helps establish incident context and secure supporting evidence from scattered clues
  • Social Media Browser
    - Monitors social media activity in real time
    - Supports Facebook, Instagram, X (Twitter), WhatsApp, VK, Discord, and more
    - Collects usernames, activity information, and related signals
  • User Profiling
    - Classifies threat actors by country and industry, and evaluates risk levels
    - Aggregates posts, links, activity timelines, and behavioral or linguistic patterns
    - Tracks changes in user details, including nickname history
  • Geolocation Tracking
    - Extracts metadata such as GPS coordinates, crypto clues, and IP information
    - Estimates activity regions and movement patterns
    - Analyzes connection behavior through combined geospatial data
  • Chronological Browser
    - Captures volatile Dark Web data in real time
    - Tracks edits and deletions through a chronological view of changes
    - Provides an interface identical to the original Dark Web pages
  • Search Engine for Cybercrime Investigation
    - Enables integrated search across cybercrime-related data from multiple anonymous channels
    - Applies multi-source collection and processing technologies for diverse data types
    - Allows precise filtering and operator-based queries tailored to crime type or investigative purpose
XARVIS Use Cases
Use Case 1
Use Case 2
Use Case 3
Use Case 4
Use Case 5
Use Case 6
Use Case 7
Dark Web Search

XARVIS utilizes 'DarkBERT,' a Dark Web specialized language model developed by S2W's AI team, to classify and provide threat information by category. This technology automatically analyzes the posts uploaded to hacking forums, identifying the targeted countries and industries, making it easier to monitor on a country-by-country and industry-specific basis. S2W's AI calculates threat levels, presenting the most dangerous content in order.

When a specific country is selected, users can assess the damage distribution across different industries within that country. Furthermore, users can explore the top 5 users targeting that country and the frequency of damage in comparison to neighboring countries.

Telegram Search

Cybercrime is increasingly prevalent not only on the Dark Web but also within Telegram channels. The Telegram search feature is a newly added functionality that allows keyword-based searching of various crime-related Telegram channels collected by S2W.

Telegram channels integrated into the XARVIS platform are typically categorized under hacking, drugs, malware, hactivists’ activities, and more.

By entering drug-related slang terms into the Telegram search bar, users can access actual chat logs containing those keywords. This enables the identification of Telegram channels involved in illegal drug trading and their sellers. This information can be cross-referenced with other data in XARVIS, such as Bitcoin addresses, to track down sellers.

* Please note that this feature is in Beta version, and its public release schedule is currently undefined. Additional features and changes may occur upon public release, expected in the year '24.

* Please note that this feature is in Beta version, and its public release schedule is currently undefined. Additional features and changes may occur upon public release, expected in the year '24.

Tracking Threat Actors #1

XARVIS's cross-analysis tool enables the tracking of threat actors effectively. XARVIS continuously collects real-time identifiers related to threat actors, and users can leverage this collected data for cross-analysis.

In 2022, XARVIS detected the activities of a user named 'Lost_Key' targeting Indonesia on the global hacking forum 'Breached.' XARVIS collected this user's cryptocurrency address and Telegram address. Furthermore, it confirmed that the collected cryptocurrency address was associated with the renowned cryptocurrency exchange 'Binance.'

By utilizing XARVIS's cross-analysis tool, law enforcement agencies and security professionals can identify the identity of threat actors. This powerful tool enhances their ability to uncover and trace the individuals behind cyber threats, ultimately contributing to improved cybersecurity and threat mitigation efforts.

Tracking Threat Actors #2

XARVIS's threat actor analysis tool can effectively track users who operate with multiple identities on the Dark Web and Telegram.

In 2022, XARVIS detected the activity logs of a user named 'okito,' who was continuously targeting Singapore. This user was active on the global hacking forum 'Breached' and left their Telegram address in dozens of posts.

By tracing the Telegram address, XARVIS discovered that the same Telegram address was posted in messages authored by 'ttyper,' who had detected traces of access denial on the hacking forum.

This demonstrates how XARVIS can consistently track users who employ multiple identities on hacking forums, enhancing the ability to monitor and respond to potentially malicious activities effectively.

Identifying New Threat Domains

XARVIS collects approximately 150 new Dark Web domains on a daily basis. It leverages the 'DarkBERT' language model developed by S2W's AI team to automatically classify these collected domains into categories such as drugs, finance, hacking, weapons sales, and more.

This functionality enables organizations in specific sectors to periodically monitor threat websites relevant to their industry. For example, a drugs investigation agency can gather information on newly created drugs trading sites and utilize the data collected from these sites for their investigations.

By using XARVIS's automated classification and monitoring capabilities, organizations can stay vigilant against emerging threats and make informed decisions to bolster their cybersecurity efforts.

Global Issue Monitoring

XARVIS provides the capability to monitor global issues that are gaining attention on the Dark Web.

Following the outbreak of the Russia-Ukraine war, the Dark Web saw a variety of opinions and discussions on this topic. Posts distributing the personal information of major government agencies, businesses, and citizens from both countries were frequently detected.

Similarly, after the outbreak of the Israel-Palestine conflict, XARVIS identified trends similar to those observed during the Russia-Ukraine war.

In this manner, XARVIS can concentrate on monitoring specific topics and detect related illegal transactions and harmful content. This enables organizations to stay informed about emerging issues and potential threats within these discussions on the Dark Web.

Monitoring Server Access Permissions for Sale

XARVIS allows users to monitor the sale and demand for internal network access permissions of specific country-based companies by entering specific keywords.

For example, if a post appears on the Dark Web offering account information that can access the internal servers of a specific institution in South Korea, XARVIS detects this post and sends an alert. Such leaked accounts could be exploited by threat actors to compromise internal servers, leading to potential disruption or ransomware attacks.

In order to respond quickly to such situations and prevent the spread of damage, regular monitoring and detection of account leaks are essential. XARVIS provides the necessary tools to proactively address these security concerns and protect organizations from potential threats.