Cybercriminals continue launching new cybercrime-friendly services, aiming to diversify their portfolio of fraudulent services while earning tens of thousands in fraudulent revenue in the process. Thanks to a vibrant cybercrime ecosystem and the overall availability of DIY (do-it-yourself) malicious software generating tools, cybercriminals continue diversifying their portfolio of fraudulent services while earning tens of thousands in fraudulent revenue in the process.
Relying on a diversified set of tactics, techniques, and procedures, cybercriminals often depend on the automated and systematic compromise of vulnerable Web sites as an active traffic acquisition tactic, in order to hijack, intercept, and monetize the acquired traffic and earn fraudulent revenue in the process. Thanks to a vibrant cybercrime-friendly ecosystem, cybercriminals continue actively hijacking, intercepting, and monetizing the acquired traffic for the purpose of earning fraudulent revenue.
In this post, we'll discuss a newly launched managed SWF injecting type of cybercrime-friendly service (108.162.197.62), provide actionable intelligence on the infrastructure behind it, and discuss in depth the tactics, techniques, and procedures of the cybercriminals behind it.
Malicious MD5s known to have been downloaded from the same C&C server IP (108.162.197.62):
Related malicious MD5s known to have phoned back to the same C&C server IP (108.162.197.62):
The service is currently offering a basic type of account registration priced at $100 and a premium type of account registration priced at $1,000.
We'll continue monitoring the market segment for malvertising type of managed cybercrime-friendly services and post updates as soon as new developments take place.
This post has been reproduced from Dancho Danchev's blog. Follow him on Twitter.
Independent Contractor. Bitcoin: 15Zvie1j8CjSR52doVSZSjctCDSx3pDjKZ Email: dancho.danchev@hush.com OMEMO: ddanchev@conversations.im | OTR: danchodanchev@xmpp.jp | TOX ID: 2E6FCA35A18AA76B2CCE33B55404A796F077CADA56F38922A1988AA381AE617A15D3D3E3E6F1
Monday, August 29, 2016
Managed SWF Injection Cybercrime-friendly Service Fuels Growth Within the Malvertising Market Segment
Independent Security Consultancy, Threat Intelligence Analysis (OSINT/Cyber Counter Intelligence) and Competitive Intelligence research on demand. Insightful, unbiased, and client-tailored assessments, neatly communicated in the form of interactive reports - because anticipating the emerging threatscape is what shapes the big picture at the end of the day. Approach me at dancho.danchev@hush.com
Sunday, August 28, 2016
Managed Hacked PCs as a Service Type of Cybercrime-friendly service Spotted in the Wild
With the cybercrime ecosystem persistently supplying new malware releases, cybercriminals continue occupying multiple market segments within the cybercrime ecosystem, generating tens of thousands in fraudulent revenue in the process and potentially empowering new market entrants with the necessary tools and know-how to continue launching related malicious attacks, potentially generating tens of thousands in fraudulent revenue while targeting users internationally.
In this post, we'll profile a newly launched managed hacked PCs as a service type of cybercrime-friendly service and discuss in depth the tactics, techniques, and procedures of the cybercriminals behind it.
Next to the overall availability of malware-infected hosts empowering novice cybercriminals with the necessary tools and know-how to conduct related malicious attacks, cybercriminals often rely on basic market segmentation approaches, further taking advantage of the affected users to launch related managed cybercrime-friendly services.
The service is currently offering access to malware-infected hosts in the United States, Italy, France, Spain, Brazil, Argentina, and Poland, further empowering novice cybercriminals with the necessary tools and know-how to continue launching related malicious attacks.
We'll continue monitoring the market segment for hacked PCs and post updates as soon as new developments take place.
New Cybercrime-Friendly Service Offers Fake Documents and Bills on Demand
The market segment for fake documents and bills continues flourishing thanks to a vibrant cybercrime ecosystem offering access to a variety of commoditized underground market items, further generating fraudulent revenue for the cybercriminals behind it. Thanks to the overall availability of DIY (do-it-yourself) malware generating tools and the overall prevalence of money mule recruitment scams, which allow cybercriminals easy access to basic risk-forwarding tactics, cybercriminals continue generating tens of thousands in fraudulent revenue in the process.
In this post, we'll discuss a newly launched managed cybercrime service offering access to fake documents, stolen credit cards, and fake bills, and discuss in depth the tactics, techniques, and procedures of the cybercriminals behind it.
The service is currently offering fake documents for Australia, Belgium, Brazil, Canada, Denmark, Estonia, Finland, France, Germany, Greece, Italy, India, Netherlands, Norway, Latvia, Lithuania, Poland, Romania, Slovakia, Slovenia, Sweden, United Kingdom, USA, Russia, and fake bills for Australia, Austria, Canada, Czech Republic, Estonia, France, Finland, Germany, Ireland, Italy, United Kingdom, Latvia, Norway, Romania, Slovakia, Sweden, Switzerland, USA, Spain, Russia, France, Ukraine.
We'll continue monitoring the market segment for fake documents and post updates as soon as new developments take place.
Tags: Cybercrime, Fake Documents, Fake ID, Fake Passport, Fake Utility Bill, Hacking, Information Security, Security
Friday, August 19, 2016
Invitation - Private Party - Kings of Wisdom
Dear blog readers, I decided to invite selected blog readers to a private party hosted in my town for the opening of Kings of Wisdom [hard copy] magazine.
If you're interested in attending and bringing back the spirit of what used to be the scene, you can approach me at ddanchev@confidantmail.org 1790eb593d891cec2e0cd07ee044b283cce9c011 to request attendance details.
Wednesday, August 17, 2016
Newly Launched Cybercrime Service Offers Access to POS Terminals on Demand
Cybercriminals continue applying basic market segmentation concepts to their underground market propositions, to further ensure that they're capable of targeting the right audience, potentially generating hundreds of thousands in fraudulently generated revenue in the process.
From basic malware as a service underground market propositions offering access to country, city, and ISP based types of malware-infected hosts, to cybercrime-friendly services offering access to malware-infected hosts converted to anonymization proxies in order to target additional market segments within the cybercrime ecosystem, cybercriminals continue to utilize basic market segmentation concepts based on the targeted population.
In this post, we'll discuss a newly launched managed service offering access to POS (Point of Sale) terminals, further empowering both novice and sophisticated cybercriminals with the necessary access to commit related fraudulent activities.
The service is currently offering access to POS (Point of Sale) terminals located in the United States, Canada, Australia, United Kingdom, the Netherlands and Germany, priced between $30 and $50 for access to a POS (Point of Sale) terminal.
Cybercriminals continue relying on basic data mining concepts while utilizing the overall target population, further ensuring that their propositions remain market-relevant while continuing to generate fraudulent revenue in the process.
We expect to continue observing an increase in underground market propositions utilizing basic market segmentation concepts, further positioning both novice and experienced market leaders as relevant and competitive market participants, potentially generating tens of thousands in fraudulently obtained assets in the process.
Managed Social Engineering Based Code Signing Generating Certificate Service Spotted in the Wild
Cybercriminals are masters of social engineering, potentially tricking tens of thousands of users on a daily basis into falling victim to fraudulent cybercrime-friendly campaigns, generating hundreds of thousands in fraudulent revenue for them and successfully contributing to the growth of multiple underground market segments within the underground marketplace.
In this post, we'll discuss a newly launched service empowering both novice and experienced cybercriminals with the necessary tools and know-how to further commit fraudulent activities in the form of socially engineered code signing certificates, obtained through the registration of bogus and non-existent companies.
Priced at $1,000 per certificate, the service is also offering discounts on a volume basis, including custom contacts-based customization files with detailed info about the rogue company used in the code signing process. Relying on basic 'visual social engineering' concepts, cybercriminals are perfectly positioned to execute a successful campaign on a mass scale or in a targeted nature, successfully targeting tens of thousands of users.
We expect to continue observing relevant code signing as a service type of cybercrime-friendly propositions within the cybercrime ecosystem, with more market vendors entering the market segment and further positioning themselves as market leaders through basic market segmentation and efficient social engineering techniques.
Tags: Cybercrime, Fake Certificate, Fake Code Signing Certificate, Hacking, Information Security, Security, Social Engineering
Spam-friendly Image Randomization Tool Released on the Underground Marketplace
Cybercriminals continue applying basic QA (Quality Assurance) processes to their fraudulent campaigns, on their way to achieving a positive ROI (Return on Investment) out of their fraudulent activities.
In this post, we'll discuss a newly launched commercial tool that's capable of generating unique images for the purpose of tricking spam filters, in an attempt to trick end users into falling victim to the fraudulent campaign.
Priced at $25, the API-enabled tool is capable of converting a regular image used in a spam campaign into a new one, successfully bypassing spam filters, exposing end users to fraudulent attempts, and generating fraudulent revenue for the cybercriminals behind the campaign.
We expect to continue observing an increase in QA (Quality Assurance) driven underground market propositions, leading to a successful set of fraudulent propositions dominating the underground marketplace.
Tuesday, August 16, 2016
Cybercriminals Offer Fake/Fraudulent Press Documents Accreditation On Demand
In a cybercrime ecosystem dominated by fraudulent market propositions, with new market entrants occupying new market segments on a daily basis, cybercriminals are perfectly positioned to continue offering commoditized underground market goods, such as fake documents, for the purpose of generating fraudulent revenue while empowering fellow cybercriminals with the necessary tools to further commit fraudulent activities.
In this post, we'll discuss a newly launched service offering fake press accreditation documents, and discuss the overall relevance of the service in the context of the underground marketplace's ongoing commoditization, basic market segmentation concepts, as well as newly applied concepts such as DIY (do-it-yourself) type of services and basic OPSEC with QA (Quality Assurance) in mind.
The service is currently offering custom-made press accreditation documents for the Russian Federation, allowing potential cybercriminals the ability to access press-free zones, potentially committing related fraudulent activities.
The price varies between $62 and $130 depending on the number of fake documents requested, including the option to request anonymous delivery of the fake documents.
Thanks to a vibrant DIY (do-it-yourself) custom-based type of fake documents generating market segment, cybercriminals have also successfully managed to efficiently streamline the process of generating these documents, applying both basic OPSEC (Operational Security) measures, to ensure that they're perfectly positioned to reach their targeted audience while preserving a decent degree of their operational procedures, and QA (Quality Assurance) processes, to further ensure the quality of their underground market proposition.
We expect to continue observing a decent supply of segmented market propositions targeting both novice and experienced cybercriminals seeking to obtain fake documents on their way to committing related fraudulent activities.
Related posts:
Cybercriminals Offer High Quality Plastic U.S Driving Licenses/University ID Cards
Tags: Cybercrime, Fake Documents, Fake ID, Fake Passport, Hacking, ID Theft, Identity Theft, Information Security, Security
Historical OSINT - Exposing the Market for Stolen Credit Card Data
With the carding underground continuing to flourish for the purpose of monetizing commoditized underground items such as stolen credit cards, cybercriminals continue to over-supply the market segment for stolen credit card data, largely relying on a boutique type of cybercrime-operations business model, continuously supplying the market segment with tens of thousands of stolen credit cards.
Thanks to the general availability of malicious software whose purpose is to obtain and process stolen credit card data, cybercriminals continue to over-supply the marketplace with tens of thousands of stolen credit cards, further continuing to monetize the commoditized underground marketplace item through the use of boutique E-shops offering access to tens of thousands of stolen credit cards.
In this post, we'll profile several boutique E-shops for stolen credit card data and provide actionable intelligence on the cybercriminals behind them.
Related data exposing the infrastructure behind the most popular boutique E-shops offering access to stolen credit cards data:
Thanks to the vibrant cybercrime ecosystem, cybercriminals will continue to actively monetize access to malware-infected hosts for the purpose of earning fraudulent revenue and achieving stolen assets liquidity.
We'll continue monitoring the market segment for stolen credit card data and post updates as soon as new developments take place.