Logs reveal how the group handled ransom negotiations, target selection, and internal payroll. Technical Metadata: Each entry typically includes: ts : Timestamp of the message.
This specific JSON file contains Jabber (XMPP) chat logs from February 26, 2022 . 185.25.51.173-20220226.json
from / to : Onion addresses or handles of the sender and recipient. body : The actual message text, often in Russian. 🛠️ Use in Data Science/Security Logs reveal how the group handled ransom negotiations,
or perform sentiment analysis on the Russian text. Map the network of IP addresses mentioned within the chats. When the hackers get hacked - Northwave Cyber Security from / to : Onion addresses or handles
The filename prefix 185.25.51.173 is the IP address of the server where the chat logs were hosted or intercepted. 🔍 Key Features of the Data
Many academic platforms, such as Course Hero , use these files for and Threat Intelligence exercises, where students are tasked to: Parse JSON structures into readable formats.
The data was leaked by a pro-Ukrainian insider in February 2022 following the Conti Group's public support for the Russian invasion of Ukraine.