b1ack’s_stash
B1ack’s Stash is a prominent dark web carding marketplace and illicit stolen payment card shop that has operated since at least 2023. It is described as one of the most active stolen card marketplaces on the dark web. The operator, using the alias B1ack, is described as an experienced actor in the underground carding scene who was previously active on Russian-speaking hacker forums and recognized as a skilled card fraud specialist. The marketplace’s announcements have appeared in both English and Russian. B1ack’s Stash specializes in trafficking stolen payment card data, including full card numbers, expiration dates, CVV2 codes, cardholder names, billing addresses, email addresses, phone numbers, and IP addresses. Reporting cited in the content assesses the data format as typical of carding databases and suggests the records likely originate from e-skimming or phishing operations, with the geographic distribution indicating multiple campaigns rather than a single regional source. The marketplace has repeatedly used large free releases of stolen card data as part of its operating pattern. It released approximately 4.6 million stolen credit card records for free after suspending sellers accused of reselling purchased data on competing platforms, and stated that roughly 8 million CVV2 records had been suspended from active inventory. It has also previously used free data releases as a marketing tactic, including a giveaway of one million cards to new registrants in April 2024 and large free releases in February 2025. The content also states that B1ack’s Stash planned to launch a new card database. Victim data in the referenced release was heavily concentrated in the United States, which accounted for roughly 70% of records, with additional concentration in Canada, the United Kingdom, France, Malaysia, and other locations including Hong Kong, Singapore, and Thailand. The exposed data creates risk of card-not-present fraud, identity theft, fraudulent account or loan applications, and targeted phishing. Known alias: B1ack’s Stash.
Know when an actor pivots toward your sector
Mallory correlates actor tradecraft and target patterns against your stack, your sector, and your geography. See overlap before they land.
Targeting
Who, where, and (when attributed) which flag flies behind the operation. Pulled from open-source reporting and Mallory's analyst review.
Who they target
Sectors the actor has been observed targeting.
- Banks
Where they target
Geographies tied to known operations.
- 🇺🇸 United States
- 🇨🇦 Canada
- 🇬🇧 United Kingdom
- 🇫🇷 France
- 🇲🇾 Malaysia
- 🇭🇰 Hong Kong SAR China
- 🇸🇬 Singapore
- 🇹🇭 Thailand
Tradecraft
4 distinct techniques observed across reporting, grouped by tactic. Hover any cell for the evidence excerpt; click through for MITRE's full description.
Recent activity
4 sources tracked across advisories, community write-ups, and news. New activity surfaces here as Mallory finds it.
A carding marketplace operating on the dark web that distributes stolen payment card data and uses large free data dumps as both punishment for sellers and a marketing tactic to attract users and drive traffic.
Dark web carding marketplace operating since at least 2023 that buys and sells stolen payment card data and periodically releases millions of stolen credit card records for free to grow its user base, reinforce marketplace credibility, and police seller behavior.
B1ack’s Stash is a dark web marketplace specializing in the sale of stolen credit and debit card data (CCNs, CVVs, FULLZ). It is known for aggressive promotional tactics, including large-scale free leaks of stolen card data, and operates independently with a focus on financial fraud. The market targets individuals, financial institutions, and businesses globally, facilitating identity theft, unauthorized transactions, and corporate fraud.
B1ack’s Stash is a dark web marketplace specializing in the sale of stolen credit and debit card data (CCNs, CVVs, FULLZ). It is known for aggressive promotional tactics, including large-scale free leaks of stolen card data, and operates independently rather than as a rebrand of previous markets. The market is run by an experienced carder active in Russian-speaking forums and uses phishing, web skimming, and other data harvesting techniques to acquire card data. It poses a significant threat to individuals, financial institutions, and businesses worldwide.
The version that knows your environment.
Match sector + geo + tech-stack targeting against your real footprint.
Every observed MITRE ATT&CK technique, grouped by tactic.
Families this actor is known to deploy, with IOCs and behavior.
CVEs this actor has used in known campaigns.
YARA, Sigma, Snort, and vendor rules, auto-deployed to your SIEM.
Domains, IPs, and hashes tied to this actor, refreshed continuously.