Abstract
Many people involved in malicious cyber activity rely on online environments to improve their hacking skills and capabilities, among which, darkweb marketplaces are one of the most prevalent. Vendors advertise and sell their wares worldwide on those markets, generating communities of like-minded individuals focused on sub fields of hacking. As there is no direct communication between vendors in these environments, identifying the communities formed by them becomes challenging; especially with the absence of ground truth knowledge to validate the results. In this paper, we develop a method based on Machine Learning and Social Network Analysis (SNA) to identify and validate communities of malware and exploit vendors, using product offerings in 20 different marketplaces on the darkweb. To validate the viability of our approach, we cross-validate the community assignments of common individuals selling their products on two mutually exclusive sets of marketplaces, demonstrating how the multiplexity of social ties can be used to detect and validate communities of malware and exploit vendors.