Dancho Danchev's Blog - Mind Streams of Information Security Knowledge

In the overwhelming sea of information, access to timely, insightful and independent open-source intelligence (OSINT) analyses is crucial for maintaining the necessary situational awareness to stay on the top of emerging security threats. This blog covers trends and fads, tactics and strategies, intersecting with third-party research, speculations and real-time CYBERINT assessments, all packed with sarcastic attitude

Monday, August 29, 2016

Managed SWF Injection Cybercrime-friendly Service Fuels Growth Within the Malvertising Market Segment

Cybercriminals, continue, launching, new, cybercrime-friendly, services, aiming, to, diversify, their, portfolio, of, fraudulent, services, while, earning, tens, of, thousands of fraudulent revenue in the process. Thanks, to, a vibrant, cybercrime ecosystem, and, the, overall, availability, of, DIY (do-it-yourself) type of, malicious, software, generating, tools, cybercriminals, continue, diversifying, their, portfolio, of, fraudulent, services, while, earning, tens, of, thousands, of, fraudulent, revenue, in, the, process.

Largely, relying, on, a diversified, set, of, tactics, techniques, and, procedures, cybercriminals, often, rely, on, automated, and, systematic, compromise, of, vulnerable, Web sites, for, the, purpose, of, active, traffic, acquisition, tactics, to hijack, intercept, and, monetize, the, acquired, traffic, for, the, purpose, of, earning, fraudulent, revenue, in, the, process. Thanks, to, a, vibrant, cybercrime-friendly, ecosystem, cybercriminals, continue, actively, hijacking, intercepting, and, monetizing, the, acquired, traffic, for, the, purpose, of, earning, fraudulent, revenue, in, the, process.

In, this, post, we'll discuss, a, newly, launched, managed SWF injecting, type, of, cybercrime-friendly, service (108.162.197.62), provide actionable, intelligence, on, the, infrastructure, behind, it, and, discuss, in-depth, the, tactics, techniques, and, procedures, of, the, cybercriminals, behind it.

Malicious MD5s known to have been downloaded from the same C&C server IP (108.162.197.62):
MD5: 738ef8e826b5f9070f555dc8d5e3320f
MD5: 8dddf1d1786ff72adc60057305f4f2c9
MD5: 0042ef6b151d68824999ed27e320ab7b
MD5: ea0f806840a8f1765994d2941d24a18a
MD5: 9d0e32a4f1d4fb348f70f235e9731363

Related malicious MD5s known to have phoned back to the same C&C server IP (108.162.197.62):
MD5: 4e108296f11d99e56be375dcab2e03d4
MD5: 8f696a2995aa56be5a7fe6ac8639e94a
MD5: 2aa4fedd2626f4a210d13a356cf721a1
MD5: 822606bb2f5a86bd20e4d111705c9e99
MD5: 6267650eb343bc1fb063233aaf398c9a

The, service, is, currently, offering, basic, type, of, account, registration, process, priced, at $100, and, premium, type, of, account, registration, process, priced, at, $1,000.

We'll continue, monitoring, the, market, segment, for, malvertising, type, of, managed, cybercrime-friendly, services, and, post, updates, as, soon, as, new, developments, take, place.

This post has been reproduced from Dancho Danchev's blog. Follow him on Twitter.

Dancho Danchev

Independent Security Consultancy, Threat Intelligence Analysis (OSINT/Cyber Counter Intelligence) and Competitive Intelligence research on demand. Insightful, unbiased, and client-tailored assessments, neatly communicated in the form of interactive reports - because anticipating the emerging threatscape is what shapes the big picture at the end of the day. Approach me dancho.danchev@hush.com

Sunday, August 28, 2016

Managed Hacked PCs as a Service Type of Cybercrime-friendly service Spotted in the Wild

With the cybercrime ecosystem, persistently, supplying, new, malware, releases, cybercriminals continue occupying multiple market segments, within, the, cybercrime, ecosystem, generating, tens, of, thousands, of fraudulent revenue, in, the, process, potentially, empowering, new market entrants, with, the, necessary, tools, and, know-how, to, continue, launching, related, malicious, attacks, potentially, generating, tens, of, thousands, of fraudulent, revenue, in, the, process, while, targeting, users, internationally.

In this, post, we'll profile a newly, launched, managed hacked PCs, as, a, service, type, of cybercrime-friendly, service, and, discuss, in, depth, the, tactics, techniques, and, procedures, of, the, cybercriminals, behind it.

Next to the overall availability of malware infected hosts empowering novice cybercriminals with the necessary tools and know, to, conduct, related, malicious attacks, cybercriminals, often, rely, on basic, market segmentation, approaches, further, taking, advantage, of the, affected, users, to, launch, related, managed cybercrime-friendly, type, of, managed, services.

The service is currently offering access to malware-infected hosts, in, the United States, Italy, France, Spain, Brazil, Argentina, and Poland, further, empowering, novice, cybercriminals, with, the, necessary, tools, and, know-how, to, continue, launching, related, malicious attacks.

We'll continue monitoring, the, market, segment, for, hacked PCs, and, post, updates, as, soon, as, new developments, take, place.

This post has been reproduced from Dancho Danchev's blog. Follow him on Twitter.

Dancho Danchev

New Cybercrime-Friendly Service Offers Fake Documents and Bills on Demand

The market segment, for, fake, documents, and, bills, continues, flourishing, thanks, to, a, vibrant, cybercrime, ecosystem, offering, access, to, a, variety, of commoditized, underground, market, items, further generating fraudulent revenue for the cybercriminals behind it. Thanks to the overall availability of DIY (do-it-yourself) type of malware generating tools, and, the, overall prevalence, of money mule recruitment scams, allowing, cybercriminals, an easy access to basic risk-forwarding, tactics, cybercriminals, continue, generating, tens, of thousands, of fraudulent revenue in the process.

In this, post, we'll discuss a newly launched managed cybercrime service offering access to fake documents, stolen credit cards, and, fake, bills, and, discuss, in-depth, the tactics, techniques, and procedures, of, the, cybercriminals behind it.

The service is currently offering fake documents for Australia, Belgium, Brazil, Canada, Denmark, Estonia, Finland, France, Germany, Greece, Italy, India, Netherlands, Norway, Latvia, Lithuania, Poland, Romania, Slovakia, Slovenia, Sweden, United Kingdom, USA, Russia, and fake bills for, Australia, Austria. Canada, Czech Republic, Estonia, France, Finland, Germany, Irland, Italy, United Kingdom, Latvia, Norway, Romania, Slovakia, Sweden, Switzerland, USA, Spain, Russia, France, Ukraine.

We'll continue monitoring the market segment for fake documents, and, post, updates, as soon, as, new, developments, take place.

This post has been reproduced from Dancho Danchev's blog. Follow him on Twitter.

Dancho Danchev

Wednesday, August 17, 2016

Newly Launched Cybercrime Service Offers Access to POS Terminals on Demand

Cybercriminals continue applying basic market segmentation concepts, to their underground market propositions, to further ensure, that, they're capable of targeting the right audience, potentially generating hundreds of thousands of fraudulently generating revenues in the process.

From basic, malware as a service underground market propositions, offering access to country, city, ISP based type of malware-infected hosts, to cybercrime-friendly services, offering access to malware-infected hosts converted to anonymization proxies, to further target additional market segments, within the cybercrime ecosystem, cybercriminals continue to utilize basic market segmentation concepts, based on the targeted population.

In this post, we'll discuss a newly launched managed service, offering access to POS (Point of Sale) terminals, further empowering, both, novice, and sophisticated cybercriminals, with the necessary access to commit related fraudulent activities.

The service is currently offering access to POS (Point of Sale) terminals, located, in the United States, Canada, Australia, United Kingdom, the Netherlands and Germany, priced between $30 and $50 for access to a POS (Point of Sale) terminal.

Cybercriminals, continue relying on basic data mining concepts, while utilizing the overall target population, further, ensuring that their market-relevant propositions, while, continuing to generate fraudulent revenues, in, the, process.

We expect to continue observing an increase in underground market propositions, utilizing basic market segmentation concepts, further positioning, both, novice, and experienced market leaders, as relevant and competitive market participants, potentially generating tens of thousands of fraudulently obtained assets in the process.

Dancho Danchev

Managed Social Engineering Based Code Signing Generating Certificate Service Spotted in the Wild

Cybercriminals are masters of social engineering, potentially tricking, tens of thousands of users on a daily basis, into falling victims into fraudulent cybercrime-friendly campaigns, generating them, hundreds of thousands of fraudulent revenues, successfully, contributing to the growth of multiple underground market segments, within, the underground marketplace.

In this post, we'll discuss a newly launched service, empowering, both, novice, and experienced cybercriminals, with the necessary tools and know how, to further commit, fraudulent activities, in the form of socially engineered code signing certificates, obtained through the registration of bogus and non-existent companies.

Priced at $1,000 per certificate, the service is also offering discounts on a volume basis, including custom contacts based customization files, including detailed info about the rogue company, used in the code signing process. Relying on basic 'visual social engineering' concepts, cybercriminals are perfectly positioned, to execute a successful campaign on a mass scale, or in a targeted nature, successfully targeting tens of thousands of users.

We expect to continue observing relevant code signing as a service, type of cybercrime-friendly propositions, within the cybercrime ecosystem, with more market vendors, entering the market segment, further positioning themselves, as market leaders, through basic market segmentation, and efficient social engineering techniques.

Dancho Danchev

Spam-friendly Image Randomization Tool Released on the Underground Marketplace

Cybercriminals, continue applying basic QA (Quality Assurance) processes, to their fraudulent campaigns, on their way to achieve a posive ROI (Return on Investment) out of their fraudulent activities.

In this post, we'll discuss a newly launched commercial tool, that's capable of generating unique images, for the purpose of tricking spam filters, in an attempt to trick end users into falling victim into the fraudulent campaign.

Priced at $25, the API-enabled tool is capable of converting a regular image, executed in a spam campaign, into a new one, successfully bypassing spam filters, exposing end users to fraudulent attempts, generating fraudulent revenue, for the cybercriminals behind the campaign.

We expect to continue observing an increase in QA (Quality Assurance) driven underground market propositions, leading to a successful set of fraudulent propositions, dominating the underground marketplace.

Dancho Danchev

Tuesday, August 16, 2016

Cybercriminals Offer Fake/Fraudulent Press Documents Accreditation On Demand

In a cybercrime ecosystem, dominated by fraudulent market propositions, and new market entrants occupying new market segments on a daily basis, cybercriminals are perfectly positioned, to continue offering, commoditized underground market goods, such as, for instance, fake documents, for the purpose of generating fraudulent revenue, while empowering fellow cybercriminas, with the necessary tools to further commit fraudulent activities.

In this post, we'll, discuss a newly launched service, offering fake press accreditation documents, and discuss the overall relevance of the service, in the context of the underground marketplace's ongoing commoditization, basic market segmentation concepts, as well as newly applied concepts such as DIY (do-it-yourself) type of services, and basic OPSEC with QA (Quality Assurance) in mind.

The service is currently offering custom-made press accreditation documents for the Russian Federation, allowing potential cybercriminals the ability to access press-free zones, potentially commiting related fraudulent activities.

The price varies between $62 and $130 depending on the number of fake documents requested, including the option to request anonymous delivery of the fake documents.

Thanks to a vibrant DIY (do-it-yourself) custom-based type of fake documents generating market segment, cybercriminals, have also successfully managed to efficiently streamline the process of generating these documents, applying, both, basic OPSEC (Operational Security) measures in place, to ensure that they're perfectly positioned to reach to their targeted audience, while preserving a decent degree of their operational procedures, as well as Q&A (Quality Assurance) processes, to further ensure the quality of their underground market proposition.

We expect to continue observing a decent supply of segmented market propositions, targeting, both, novice and experienced cybercriminals, seeking to obtain fake documents, on their way to commit related fraudulent activities.

Newly Launched 'Scanned Fake Passports/IDs/Credit Cards/Utility Bills' Service Randomizes and Generates Unique Fakes On The Fly

Vendor of Scanned Fake IDs, Credit Cards and Utility Bills Targets the French Market Segment

Cybercriminals Offer High Quality Plastic U.S Driving Licenses/University ID Cards

This post has been reproduced from Dancho Danchev's blog. Follow him on Twitter.

Dancho Danchev

Who is Dancho Danchev?

Dancho Danchev is the world's leading expert in the field of cybercrime fighting and threat intelligence gathering having actively pioneered his own methodology for processing threat intelligence throughout the past decade following a successful career as a hacker-enthusiast in the 90's leading to active-community participation and contribution as a Member to WarIndustries, List Moderator at BlackCode Ravers, Contributor to Black Sun Research Facility (BSRF) List Moderator Software Contributor (TDS-2 Trojan Information Database) at DiamondCS Trojan Defense Suite, contributor to LockDownCorp, Contributor to HelpNetSecurity, Managing Director of Astalavista Security Group's Astalavista.com - The Underground, a Security Consultant for Frame4 Security Systems, contributor to TechGenix's WindowSecurity.com, security blogger for ZDNet Zero Day, Threat Intelligence Analyst for Webroot, leading to a successful set of hundreds of high-quality anaysis and research articles published at the industry's leading threat intelligence blog - ZDNet's Zero Day, Dancho Danchev's Mind Streams of Information Security Knowledge and Webroot's Threat Blog with his research featured in Techmeme, ZDNet, CNN, PCWorld, SCMagazine, TheRegister, NYTimes, CNET, ComputerWorld, H+Magazine currently producing threat intelligence at the industry's leading threat intelligence blog - Dancho Danchev's - Mind Streams of Information Security Knowledge.

With his research featured at RSA Europe, CyberCamp, InfoSec, GCHQ and Interpol the researcher continues to actively produce threat intelligence at the industry's leading threat intelligence blog - Dancho Danchev's - Mind Streams of Information Security Knowledge publishing a diverse set of hundreds of high-quality research analysis detailing the malicious and fraudulent activities at nation-state and malicious actors across the globe.

What is Disruptive Individuals?

Disruptive Indivuduals is a research-intensive data-driven company successfully establishing the world's largest snapshot of malicious cybercrime activity for the purpose of offering the industry the world's most versatile portfolio of malicious cybercrime-driven services successfully positioning itself as the world's leading provider of real-time intelligence-driven services and product portfolio including cybercrime-research data malicious activity profiling services and custom-tailored intelligence assessments successfully positioning the company as the world's leading provider of cybercrime-data driven research-intensive intelligence data-driven company.

What is Astalavista Security Group?

Astalavista Security Group 2.0 - The Underground is Europe's oldest running and most popular international hacking and security brand successfully serving the needs of millions of users globally throughout the decade successfully converting hundreds of thousands of unique users into loyal long-term type of customers and premium members of the portal. Following the original split of the original founding partners prozac and r00tless a new kid on the block acting as Managing Director circa 2003-2006 - Dancho Danchev - decided to undertake the initiative to lauch and re-surrect the portal the way we know it - the Scene's most popular hacking and computer security Web Site in an attempt to once again re-position the Web site as the primary destination point for hackers/crackers/phreakers/anarchists.

What is Offensive Warfare 2.0?

Offensive Warfare 2.0 - The Future of Cyber Warfare is an international Pro-Western Hacking and Security Community managed and operated by the World's leading expert in the field of cybercrime research - Dancho Danchev - ex-hacker back in the infamous hacking spree back in the 90's. Its purpose is to spread information data and knowledge and educate millions of active users on current and emerging cyber threats and to provide general and in-depth discussion on current and emerging hacking and security technologies empowering the U.S Intelligence Community with the necessary data information and knowledge to stay on the top of its game.

What is the Obmonix Platform?

The Obmonix platform aims to build the World's most versatile and comprehensive sensor network for intercepting monitoring and responding to cybercrime and cyber jihad events successfully deploying a variety of proprietary sensor network based of honeypot appliances industry-wide partnership including the utilization of prorietary cybercrime and cyber jihad forum and community monitoring and infiltration campaigns successfully positioning the platform as the leading indicator for cybercrime and cyber jihad activity globally empowering the operator law enforcement and the security industry with then necessary tactics techniques and procedures (TTPs) for successfully responding and monitoring cybercrime and cyber jihad activity globally leading to successful launch of the Disruptive Individuals startup successfully serving the needs of the Intelligenge Community, the security industry and law enforcement agencies globally successfully anticipating an emerging set of malicious and fraudulent tactics techniques and procedures sucessfully protecting millions of users globally.

What is World Hacker Global Domination Group (WHGDG)?

World Hacker Global Domination Group (WHGDG) - the Dark Web's most popular single-page one-man hacking and security hacking group is a project launched by the World's Leading Expert in the field of cybercrime research security blogging and threat intelligence gathering - Dancho Danchev - who undertook the initiative to launch and re-surrect the portal the way we know it - the Dark Web's most popular hacking and computer security Web Site in an attempt to once again re-position the Dark Web Onion as the primary destination point for hackers/crackers/phreakers/anarchists.