Exposing GCHQ's URL Shortening Service - An OSINT Analysis

I've recently decided to put together a proper analysis of a well-known GCHQ URL shortening service used for monitoring purposes. The goal is to provide additional insight into its Internet-connected infrastructure and to look for further links and connections between related campaigns run courtesy of GCHQ.

Sample URL known to have been involved in the campaign:

hxxp://lurl.me

Related domains known to have been involved in the campaign include:

hxxp://mhhiuag.com
hxxp://lhgeesp.biz
hxxp://ciwcesp.com
hxxp://lhgeesp.net
hxxp://ciwcesp.biz

Sample related responding IPs known to have been involved in the campaign include:

hxxp://198.105.254.11
hxxp://37.220.34.116
hxxp://109.235.48.3
hxxp://64.74.223.47
hxxp://198.105.244.11

Sample screenshots include:


Rogue Twitter accounts known to have been involved in the campaign include:
hxxp://twitter.com/2009iranfree
hxxp://twitter.com/MagdyBasha123
hxxp://twitter.com/TheLorelie
hxxp://twitter.com/Jim_Harper
hxxp://twitter.com/angelocerantola
hxxp://twitter.com/recognizedesign
hxxp://twitter.com/akhormani
hxxp://twitter.com/FNZZ
hxxp://twitter.com/GlenBuchholz
hxxp://twitter.com/enricolabriola
hxxp://twitter.com/katriord
hxxp://twitter.com/ShahkAm147
hxxp://twitter.com/Pezhman09
hxxp://twitter.com/jimsharr
hxxp://twitter.com/blackhatcode
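To make the pivoting this post sets out to do repeatable, here is an added example (mine, not part of the original post) that parses the defanged indicators listed above, refangs them, sorts them into domains, IPs and Twitter handles, and then surfaces two infrastructure pivots: domains that reuse the same second-level label across TLDs (lhgeesp.*, ciwcesp.*) and IPs that fall inside the same /16 (198.105.x.x). The indicator block inside the script is copied from the lists above; the /16 grouping is an assumed, deliberately coarse heuristic and should be treated as a lead for passive DNS or WHOIS follow-up, not as proof of a shared operator.

```python
"""Parse the defanged indicators published above and surface infrastructure pivots.

Added example, not from the original post. The indicator text below is copied
from the post's lists; the /16 grouping is an assumed coarse heuristic.
"""
from __future__ import annotations

import ipaddress
import re
from collections import defaultdict

# Constructed input: the indicators from the lists above, still defanged (hxxp).
RAW_IOCS = """
hxxp://lurl.me
hxxp://mhhiuag.com
hxxp://lhgeesp.biz
hxxp://ciwcesp.com
hxxp://lhgeesp.net
hxxp://ciwcesp.biz
hxxp://198.105.254.11
hxxp://37.220.34.116
hxxp://109.235.48.3
hxxp://64.74.223.47
hxxp://198.105.244.11
hxxp://twitter.com/2009iranfree
hxxp://twitter.com/MagdyBasha123
"""


def refang(ioc: str) -> str:
    """Undo common defanging (hxxp://, [.], (.), (dot)) so the value can be parsed."""
    ioc = re.sub(r"^hxxp", "http", ioc.strip(), flags=re.IGNORECASE)
    return ioc.replace("[.]", ".").replace("(.)", ".").replace("(dot)", ".")


def classify(ioc: str) -> tuple[str, str]:
    """Return (kind, value) with kind in {"ip", "handle", "domain"}."""
    url = refang(ioc)
    host, _, path = re.sub(r"^https?://", "", url, flags=re.IGNORECASE).partition("/")
    host = host.lower()
    if host == "twitter.com" and path:
        return "handle", path.strip("/").split("/")[0]
    try:
        ipaddress.ip_address(host)
        return "ip", host
    except ValueError:
        return "domain", host


def parse_iocs(raw: str) -> dict[str, list[str]]:
    """Group indicators by kind, preserving order and dropping duplicates."""
    grouped: dict[str, list[str]] = defaultdict(list)
    for line in raw.splitlines():
        if line.strip():
            kind, value = classify(line)
            if value not in grouped[kind]:
                grouped[kind].append(value)
    return dict(grouped)


def pivots(iocs: dict[str, list[str]]):
    """Return (shared_labels, shared_nets).

    shared_labels: second-level label -> domains reusing it across TLDs, a naming
    pattern that often survives a registrar or TLD switch.
    shared_nets: /16 -> IPs inside it (assumed heuristic; weak on its own, useful
    only as a seed for passive DNS / WHOIS lookups).
    """
    by_label: dict[str, list[str]] = defaultdict(list)
    for domain in iocs.get("domain", []):
        labels = domain.split(".")
        if len(labels) >= 2:
            by_label[labels[-2]].append(domain)
    by_net: dict[str, list[str]] = defaultdict(list)
    for ip in iocs.get("ip", []):
        net = ipaddress.ip_network(f"{ip}/16", strict=False)
        by_net[str(net)].append(ip)
    shared_labels = {k: v for k, v in by_label.items() if len(v) > 1}
    shared_nets = {k: v for k, v in by_net.items() if len(v) > 1}
    return shared_labels, shared_nets


if __name__ == "__main__":
    parsed = parse_iocs(RAW_IOCS)
    for kind, values in parsed.items():
        print(f"{kind}: {', '.join(values)}")
    labels, nets = pivots(parsed)
    print("shared labels:", labels)
    print("shared /16s:", nets)
```

Running it groups lhgeesp.biz with lhgeesp.net and ciwcesp.com with ciwcesp.biz, and puts 198.105.254.11 and 198.105.244.11 in the same /16. The label pivot is the stronger of the two: the same operator registering one name across several TLDs is a common pattern, whereas two hosts in one /16 may simply share a large provider, so the net grouping is only a prompt to check the hosting history of both addresses.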

I'll continue monitoring the development of this campaign and I'll post updates as soon as new developments take place.

In Retrospective - A New Malware Bot Vector Spotted in the Wild - An OSINT Analysis

I recently came across a new malicious software release with what can best be described as advanced form grabbing features, and I've decided to elaborate on some of its key capabilities. Its form grabbing covers a variety of applications and web services, which makes it a notable release in the context of introducing new and novel features within the cybercrime ecosystem.

Sample screenshots:






I'll continue monitoring the development of this malicious software release and I'll post updates as soon as new developments take place.

In Retrospective - A New DIY Herpes Botnet Builder Spotted in the Wild - An OSINT Analysis

I recently came across a new malicious DIY botnet builder release and have decided to share my findings, including some screenshots, with the idea of sharing as much information as possible about this new release and improving everyone's situational awareness.

Sample screenshots:




Among the key features of the new DIY botnet builder is a global map showing the geographical distribution of the affected hosts, which the malware coders behind the release intend to make it easier for their clients to keep track of newly infected hosts.

Related MD5 known to have been involved in the campaign:

MD5: cdb54a3654ff2fdda7e90c48cbacda02

I'll continue monitoring the development of this DIY botnet builder and will post updates as soon as new developments take place.

In Retrospective - A New Dedal DDoS Bot Spotted in the Wild - An OSINT Analysis


I've recently stumbled upon yet another recently released DDoS bot, which offers the standard features typical for such malicious software releases and aims to differentiate its proposition within the cybercrime ecosystem by offering different pricing mechanisms to potential clients.



I'll continue monitoring the development of this DDoS bot and will post updates as soon as new developments take place.

In Retrospective - A New E-Shop for Compromised PCs Spotted in the Wild - An OSINT Analysis


I've recently spotted a newly launched E-shop for compromised PCs. The access on offer is meant to lay the foundations for a successful botnet propagation campaign and to use the hosts for data mining, namely looking for account data for major Web properties.

The E-shop offers access to compromised PCs in different geographical locations, so that a client can segment the compromised PC population and acquire only the hosts that match their geographical needs.

I'll continue monitoring the development of the E-Shop and will post updates as soon as new developments take place.

In Retrospective - A New Armageddon DDoS Bot - An OSINT Analysis


I've decided to share a recently released Armageddon DDoS bot that aims to differentiate itself not just by offering standard DDoS bot features and functionality but also by being under active development by the malware authors behind it, with the idea of positioning it as a market-leading DDoS bot and acquiring new clients.

The bot offers a variety of DDoS attack features, and despite its rather modest GUI it has the capacity to cause widespread damage, depending on the number of affected users it controls internationally.

I'll continue monitoring the actual development of the bot and post updates as soon as new developments take place.

In Retrospective - A New Anthena DDoS Bot Spotted in the Wild - An OSINT Analysis

I've decided to resume posting entries in my upcoming blog post series called "In Retrospective", where my aim is to share interesting findings from across the cybercrime ecosystem, in the context of new malicious software releases and other underground market propositions, with the idea of offering a unique peek inside today's modern cybercrime ecosystem.

Case in point is the Anthena DDoS bot, which has a variety of unique features and should be considered a fairly recent release, in the sense that users are buying it and using it to build botnets and launch new DDoS attacks against their victims.

Sample screenshot of the malicious software in action:


It should be fairly easy to conclude that every time the bad guys launch a new DDoS bot on the market, the lifecycle of the release tends to grow and extend in proportion to the general availability of new features. These include various ways in which antivirus solutions might fail to detect the new release, and possibly well documented source code offered for sale. Publicly accessible source code further extends the lifecycle, since third parties, including the general public and other malicious software authors, can then introduce new features of their own.

Sample Screenshots of TDoS (Telephony Denial of Service) Tools - An OSINT Analysis

Did you know that, for a modest financial investment, you can outsource the taking down of someone's phone, a competitor's mobile phones or even an organization's entire phone system by hiring a Russian-based TDoS (Telephony Denial of Service) provider? Such providers utilize various publicly accessible DoS (Denial of Service) attack techniques, including the automated breaking of CAPTCHAs for the purpose of registering hundreds of rogue and bogus accounts, which are then used in bulk to launch a TDoS attack against the victim, whether an individual, a competitor or an organization's entire phone system, based on the requirements of the individual outsourcing the attack.

I've recently decided to dig a little deeper inside this booming market segment within the cybercrime ecosystem and found a multitude of propositions from different providers, where a potential user could also get a price bargain on the way to obtaining and launching a TDoS attack against a victim, including a competitor or an organization's entire phone system.
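From the defender's side, the attack described above leaves a distinctive trace in call detail records: many distinct, freshly registered callers hitting one destination within a short window, with calls that are dropped almost immediately. The following added example (mine, not from the post or from any provider's tooling) constructs a synthetic CDR sample and runs a sliding-window detector over it. The CDR format, the 120-second window, the 20-caller threshold and the 10-second median-duration cap are all assumptions to be tuned against real PBX or SIP trunk logs.

```python
"""Detect a telephony flood (TDoS) in call detail records.

Added example, not from the original post or any provider's tooling. The CDR
format (ISO timestamp,caller,callee,duration_seconds), the window, the caller
threshold and the duration cap are assumptions to tune against real PBX logs.
"""
from __future__ import annotations

from collections import defaultdict, deque
from datetime import datetime, timedelta
from statistics import median


def build_sample_cdrs() -> str:
    """Construct synthetic CDR lines: ordinary traffic plus a 90-second flood."""
    t0 = datetime(2013, 5, 1, 9, 0, 0)
    lines = []
    # Background: eight ordinary calls from distinct callers to three desks.
    for i in range(8):
        ts = t0 + timedelta(seconds=75 * i)
        lines.append(f"{ts.isoformat()},+1555100{i:02d},+1555200{i % 3:02d},{120 + 10 * i}")
    # Flood: thirty distinct bogus callers hit one number every three seconds and
    # hang up within a few seconds, the footprint of bulk-registered accounts.
    victim = "+15559999"
    for i in range(30):
        ts = t0 + timedelta(seconds=120 + 3 * i)
        lines.append(f"{ts.isoformat()},+1555300{i:02d},{victim},{i % 4}")
    return "\n".join(lines)


def parse_cdrs(text: str) -> list[tuple[datetime, str, str, int]]:
    """Parse CSV CDR lines into (timestamp, caller, callee, duration_s), time-ordered."""
    rows = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, caller, callee, duration = line.split(",")
        rows.append((datetime.fromisoformat(ts), caller, callee, int(duration)))
    rows.sort(key=lambda r: r[0])
    return rows


def detect_tdos(rows, window=timedelta(seconds=120), min_callers=20, max_median_duration=10):
    """Sliding window per callee: alert the first time a callee sees at least
    min_callers distinct sources inside `window` with a short median call length.
    Returns {callee: details} so each victim is reported once."""
    recent: dict[str, deque] = defaultdict(deque)
    alerts: dict[str, dict] = {}
    for ts, caller, callee, duration in rows:
        q = recent[callee]
        q.append((ts, caller, duration))
        # Drop calls that have aged out of the window for this callee.
        while q and ts - q[0][0] > window:
            q.popleft()
        distinct = {c for _, c, _ in q}
        if len(distinct) >= min_callers and callee not in alerts:
            med = median(d for _, _, d in q)
            if med <= max_median_duration:
                alerts[callee] = {
                    "first_alert_at": ts.isoformat(),
                    "distinct_callers": len(distinct),
                    "calls_in_window": len(q),
                    "median_duration_s": med,
                }
    return alerts


if __name__ == "__main__":
    for callee, info in detect_tdos(parse_cdrs(build_sample_cdrs())).items():
        print(callee, info)
```

The distinct-caller count is what separates this from a busy hotline: a genuine surge comes from a long tail of repeat callers, while bulk-registered accounts each place one or two calls and vanish. The short median duration is a second signal, since flood calls are usually answered and dropped or never answered at all; raise it if your PBX records ring time rather than talk time.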


I'll continue taking a deeper look inside the emerging and booming cybercrime ecosystem market segment for TDoS (Telephony Denial of Service) attacks and I'll post updates as soon as new developments take place.

Shots from the Wild West - Sample Compilation of RATs (Remote Access Tools) and Trojan Horses Screenshots - An OSINT Analysis - Part Two

Dear blog readers,

I've decided to share a personal compilation portfolio of currently and historically active RATs (Remote Access Tools) and trojan horses for the purpose of improving everyone's situational awareness, including your technical collection skills and capabilities.

Sample screenshots:


Stay tuned!