Dancho Danchev - Underground Forum Chatter - Disappearance- 2010

I'm Back!

Tuesday, September 17, 2019

Dear blog readers, it's been a while since I last posted a quality update following my disappearance and possible kidnapping attempt circa 2010, but as many of you have noticed, I've recently published a variety of research and CYBERINT-type articles in a variety of areas, which means that I'll shortly be returning to the usual blogging rhythm and publishing a quality set of research articles. I also wanted to let you know that I've recently launched an extremely popular news portal called Unit-123, offering practical advice to the U.S. Intelligence Community, including cyber warriors and cyber warfare experts; a Cyber Security and Hacking Community called Offensive Warfare; and a Bitcoin-soliciting bid on the Dark Web for the upcoming launch of a proprietary custom-based Virtual Reality Social Network for Hackers and Security Experts called Cybertronics (dzxvmqrl3rjxbzuer6vv5ejahniz2nefqxfmwspfmvzjo4xxzm7n4xad.onion). I've also been on the usual interview spree in an attempt to land a permanent job position, as I've been working on a variety of personal and proprietary Security and OSINT projects.
  • Are you interested in having me speak at your event? Are you interested in inviting me to join a classified and potentially sensitive event or research group? Are you interested in becoming a writer at this blog? Are you interested in advertising at this blog? Feel free to approach me: disruptive.individuals@gmail.com
Consider going through some of my most recently published research:
In this post I'll walk you through the story of my disappearance, including a brief introduction to and explanation of my "hacker enthusiast" years circa the 90's, when I was busy doing "lawful surveillance" and "lawful interception" throughout my teenage years while not working full-time with several H/C/P/A (Hacking/Cracking/Phreaking/Anarchy) groups as a full-time member, practically setting up the foundations of the Threat Intelligence market segment a few years later, including the basics of a Technical Collection type of position and work as an Independent Contractor under NDA in a post-9/11 world. It also includes a personal greeting to everyone who's been approaching me and reaching out, offering support, technical and operational "know-how" and general "say hi" advice.

I want to express personal gratitude to a good old research friend, Internet Anthropologist, who actually initiated a track-down action and managed to indirectly find me circa 2010 with the help of international and Bulgarian law enforcement, as well as to fellow colleagues and friends from the Security Industry and U.S. Intelligence Community who, circa 2008-2013, attempted to track me down and find out more about my disappearance.

In this post I'll discuss my visit to the GCHQ circa 2008 with the Honeynet Project, including an in-depth discussion of my "lawful interception" and "lawful surveillance" experience during my teenage hacker years in the 90's, and of the hacking Scene that I was proud to be a member of throughout the 90's, having successfully participated in a variety of community and commercial projects. It also includes a personal thanks to the following friends and colleagues for offering support and keeping track of my research:
  • Jamie Riden, for making a personal contribution to my PayPal account for research purposes
  • Steve Santorelli from Team Cymru, for expressing interest in a proprietary Threats Database
  • Michal Salat, for participating in a brief trial of my Threat Data service
  • Ian Cook, for making a personal introduction to my current part-time employer KCS Group Europe
  • Jeffrey Bardin from Treadstone71, who reached out and offered an employment opportunity
  • Harrison Cook, who's been persistently donating and reaching out to support the Offensive Warfare 2.0 community
  • John Young from Cryptome.org, who helped spread the word about the Offensive Warfare 2.0 Community
  • Liran Sorani from Webhose, for the opportunity to participate in a part-time project

An In-depth Analysis of the Hacking Scene circa the 90's through the prism of Dancho Danchev also known as tHe mAnIaC:

In a world where we've successfully set the foundations of offensive clandestine and psychological operations, of Technical Collection and of the Threat Intelligence market segment, with a persistent emphasis on the cyber threats facing the U.S. Government and U.S. National Infrastructure, I've spent the past decade enriching and disseminating actionable Threat Intelligence to a variety of U.S. Intelligence Community and academic partners. This successfully led me to participate in a Top Secret GCHQ surveillance and monitoring program called "Lovely Horse", which basically kept track of hackers and security researchers on Twitter for proactive Cyber Defense and OSINT purposes, and in a possible trend-setting "4th Party Collection" initiative circa 2008-2013 that labeled some of my research as that of a possible "4th Party Collection" partner of the U.S. Intelligence Community. This post also covers the tracking and take-down of the Koobface botnet and my experience as Managing Director of "The Underground", also known as Astalavista Security Group's Astalavista.com (Security Interviews - Part 01; Security Interviews - Part 02; Security Interviews - Part 03), throughout 2003-2006 with my ex-girlfriend, now partner in life, Yordanka Ilieva, when we used to rock the boat, and are prone to do so. Takes you back, doesn't it? Keep reading.

Personal photo of a bedroom hacker, today's leading expert in the field of cybercrime research, security blogging and threat intelligence gathering, Dancho Danchev, also known as tHe mAnIaC, circa the 90's with his hacker girlfriend, Yordanka Ilieva, including various personal projects circa the 90's.

  • I happen to have directly established a connection with one of the primary Sub7 Trojan Horse authors, HeLLfiReZ, which makes me pretty close to Steve Gibson in one way or another. Throughout the 90's we exchanged Trojan Horse samples while I was busy working for Trojan Defense Suite and the infamous Lockdown2000 anti-trojan software suite, working on signatures and help-guide compilation, while also being a member of several hacking groups primarily found on the Cyberarmy.com Top 50 Hacking List and the Progenic.com Top 100 hacking sites list.
  • Mail-bombing was a trend; in particular, my personal experience of making jokes with friends who were unable to take care of 100+ email messages in their Inbox.
  • Mass mailing-list subscription; in particular, the fact that my friends were not capable of finding a productive way to get rid of the messages and unsubscribe themselves.
  • Telephony Denial of Service attacks circa the 90's, exploiting a Mail2SMS mobile provider feature popular in Eastern Europe; in particular, the fact that it's not necessarily a pleasant experience to get rid of 100+ SMS messages received in a short period of time.
  • "Lawful Interception" of friends; something else that I'm not particularly proud of is my "lawful surveillance" and "lawful interception" experience and capabilities against people that I knew and used to know, largely driven by the need to explore and learn more.
  • Corporate experience in the field of anti-trojan detection technologies and categorization; in particular, my experience in creating trojan horse signatures and writing actual technical descriptions for the purpose of improving my employer's overall detection rate against a variety of trojan horse vendors circa the 90's.
Do you remember my work from the 90's? Are you familiar with the Scene circa the 90's? Feel free to approach me at disruptive.individuals@gmail.com or make a PayPal donation using my PayPal ID, dancho.danchev@hush.com, for the purpose of fueling the growth of my research.

Dancho Danchev's Blog - Open Call for Blog Contributors and Guest Bloggers

Sunday, September 15, 2019

UPDATE: Do you know which is one of the world's most popular Security blogs and who's running it? Guess what: you've been reading it all along. Ever since I started this blog in December 2005 for the purpose of impressing my girlfriend, greatly inspired by a successful venture with Astalavista Security Group circa 2003-2006, I've received over 5M page views courtesy of a loyal base of users, to whom I owe a great debt of gratitude for keeping track of my research and following my comments in real time. The time has come to expand and eventually launch a new set of products and services, including a possible Advertising Inventory; therefore I've decided to launch an Open Call for Blog Contributors and Guest Bloggers. Interested in writing at this blog? Feel free to approach me: disruptive.individuals@gmail.com

Dancho Danchev's Blog - Major Security Web Property Statistics:

Dear blog readers, friends, partners, colleagues, Security Industry friends and partners, and U.S. Intelligence Community and U.S. and international law enforcement friends and partners: it's been a decade since I originally decided to launch this blog, positioning it as a top Security, Threat Intelligence and Cybercrime Research major Web property. It has attracted thousands of high-profile and loyal users throughout the decade, to whom I owe a great deal of personal thanks and admiration for following me and supporting my research and personal opinion throughout the years, including the active spreading of high-quality, never-published-before OSINT, cybercrime and threat intelligence gathering type technical analysis.

In the spirit of offering high-quality research and analysis of malicious and fraudulent campaigns, and of expanding my personal blog to include a diverse set of new areas, including a possible Advertising Inventory to offer to selected, invite-only vendors and organizations, I've decided to make an Open Call for Blog Contributors and Guest Bloggers. The idea is to keep the spirit of my 2008-2013 series of analysis, where I was busy dominating the news with new attack vectors and attack techniques, including the profiling and tracking down of new malware and cybercrime groups.

Interested in writing at this blog? Do you have a lot to say in the area of cybercrime research and Threat Intelligence, including privacy, anonymity and malicious software, including botnets? Keep reading.

Who's Welcome to Approach me?
  • Academic institutions looking for ways to properly promote their research and content by offering a selected individual who'd be responsible for offering an in-depth, never-published-before perspective on the institution's cybercrime and malicious software research
  • Threat Intelligence vendors looking for ways to approach a new loyal user base and to promote their research, products and services by appointing a selected individual who would be interested in communicating key vendor findings on a daily basis
  • Independent freelancers looking to reach out to a loyal user base and receive the necessary exposure in terms of having their articles read by thousands of loyal and selected users on a daily basis
  • Friends and colleagues with whom I've worked in the past, or with whom I continue to work nowadays, who might be interested in making a valuable contribution to this high-quality Web property publication
Interested in writing at this blog? Do you want to make a valuable contribution? Feel free to approach me at disruptive.individuals@gmail.com and I'll get back to you with proper access as soon as possible.

Historical OSINT - Georgian Justice Department and Georgia Ministry of Defense Compromised Serving Malware Courtesy of the Kneber Botnet

Wednesday, September 11, 2019

It's 2010 and I recently came across compromised official Web sites of the Georgian Government's Ministry of Defense and Ministry of Justice, potentially participating in a widespread phishing and malware-serving campaign enticing users into interacting with rogue U.S. Intelligence and U.S. Law Enforcement-themed emails for the purpose of spreading and dropping malicious software on the targeted host's PC.

Sample malicious URL known to have participated in the campaign, abusing a common Web site redirection vulnerability:

Related malicious URLs known to have participated in the campaign:

Spread URL found within the config:
hxxp://www.adventure-center.net/upload/x.txt

Related compromised malicious URLs known to have participated in the campaign:

Related MD5s known to have participated in the campaign:

Also known to have participated in the campaign are the following two domains, part of the Hilary Kneber botnet:
hxxp://dnicenter.com - Email: abuseemaildhcp@gmail.com
hxxp://dhsorg.org - Email: hilarykneber@yahoo.com

Related malicious download location URLs known to have participated in the campaign:
hxxp://mv.net.md/update/update.zip
hxxp://dhsorg.org/docs/instructions.zip
hxxp://quimeras.com.mx/media/EuropeanUnion_MilitaryOperations_EN.zip

Related malicious and fraudulent domains known to have participated in the campaign:
hxxp://dhsinfo.info
hxxp://greylogic.info
hxxp://intelfusion.info
hxxp://greylogic.org

Related malicious MD5s known to have participated in the campaign:
MD5: 8b3a3c4386e4d59c6665762f53e6ec8e
MD5: 5fb94eef8bd57fe8e20ccc56e33570c5
MD5: 28c4648f05f46a3ec37d664cee0d84a8

Once executed, a sample malware phones back to the following C&C servers:
hxxp://from-us-with-love.info
hxxp://vittles.mobi
hxxp://nicupdate.com

Related malicious and fraudulent IPs known to have participated in the Hilary Kneber botnet campaign:

Related malicious and fraudulent domains known to have participated in the Hilary Kneber botnet campaign:
hxxp://download.sttcounter.cn

Related Hilary Kneber botnet posts:
Keeping Money Mule Recruiters on a Short Leash
Standardizing the Money Mule Recruitment Process
Dissecting the Exploits/Scareware Serving Twitter Spam Campaign
Koobface Botnet Starts Serving Client-Side Exploits

Fake NordVPN Web Site Drops Banking Malware Spotted in the Wild

I recently came across a rogue NordVPN web site distributing malicious software, potentially exposing NordVPN users to a multitude of malicious software and further compromising the confidentiality, availability and integrity of the targeted host.

In this post, I'll provide actionable intelligence on the infrastructure behind the campaign and discuss in depth the tactics, techniques and procedures of the cybercriminals behind it.

Sample malicious URL known to have participated in the campaign:
hxxp://nord-vpn.club

Sample malicious MD5s known to have participated in the campaign:

Join Me on Patreon Community!

Monday, September 09, 2019

Dear blog readers,

I decided to let everyone know that I've recently launched my own Patreon Community Page, with the idea of letting everyone know that I'm currently busy crowd-funding a high-profile upcoming Cyber Security Investment Project, and I would love to hear more from you about your thoughts regarding new Tier Features and whether or not you could make a possible long-term financial donation or sponsorship regarding my research and my security expertise.

The current status of the project:
- I'm currently busy soliciting additional input from colleagues regarding upcoming Tier Features
- I'm currently busy reaching out to colleagues to possibly convert them to Patreon Sponsors
- I'm currently busy working on a high-profile Security Podcast
- I'm currently busy working on a high-profile Security Newsletter

Has my research helped you or your organization in the past? Have you been a long-time blog reader? Have you learned something new? Did my active cybercrime and nation-state actor profiling help you excel in your career path? Are you happy with what you're seeing? Dare to take a moment and refer a colleague or an organization to my personal blog, including my Patreon Community Page and a possible Patreon Sponsor request confirmation?

Looking forward to hearing from you at - dancho.danchev@hush.com


Historical OSINT - The Russian Business Network Says "Hi"

You know you're popular when "they" say "hi".

It's 2009 and I've received a surprising personal email courtesy of, guess who, the Russian Business Network, showing off the actual ownership of the hxxp://rbnnetwork.com domain and basically saying "hi". It's worth pointing out that throughout 2008-2013, in a variety of post series, I extensively profiled the activities of the infamous Russian Business Network, also known as the RBN, including the activities of some of its most prolific customers and members, in the context of blackhat SEO, iFrame and input validation abuse across major Web properties, malvertising and various other malware-serving and client-side exploit-serving campaigns, money mule recruitment and phishing campaigns, and the then-ubiquitous fake security software also known as scareware.

It's been a decade since I last profiled the most prolific and sophisticated market-leading bullet-proof hosting cybercrime enterprise, the Russian Business Network, which at the time was dominating the majority of the campaigns I was busy profiling with the help of fellow researchers, to whom I owe a big deal of thanks for approaching me circa 2008-2013, namely Jart Armin and James McQuaid, with whom I've been directly or indirectly keeping in touch throughout 2008-2013 for the purpose of offering quality research on the activities of the Russian Business Network, including their customers and fraudulent and malicious campaigns.
Stay tuned and thanks for reaching out!

Related Russian Business Network (RBN) Research:
I See Alive IFRAMEs Everywhere - Part Two
I See Alive IFRAMEs Everywhere
Bank of India Serving Malware
U.S Consulate in St.Petersburg Serving Malware
Syrian Embassy in London Serving Malware
CISRT Serving Malware
Compromised Sites Serving Malware and Spam
U.S Consulate St. Petersburg Serving Malware
Massive RealPlayer Exploit Embedded Attack
Malware Serving Exploits Embedded Sites as Usual
MDAC ActiveX Code Execution Exploit Still in the Wild
Yet Another Massive Embedded Malware Attack
Embedding Malicious IFRAMEs Through Stolen FTP Accounts
Over 100 Malwares Hosted on a Single RBN IP
Detecting and Blocking the Russian Business Network
Exposing the Russian Business Network
Go to Sleep, Go to Sleep my Little RBN
Injecting IFRAMEs by Abusing Input Validation
RBN's Fake Account Suspended Notices
ZDNet Asia and TorrentReactor IFRAME-ed
Russia's FSB vs Cybercrime
Rogue RBN Software Pushed Through Blackhat SEO
Wired.com and History.com Getting RBN-ed
The Russian Business Network
Exposing the Russian Business Network
More CNET Sites Under IFRAME Attack
Embedded Malware at Bloggies Awards Site
Have Your Malware In a Timely Fashion
Geolocating Malicious ISPs
More High Profile Sites IFRAME Injected
The New Media Malware Gang - Part Four
Another Massive Embedded Malware Attack

DDanchev is for Hire!

Saturday, September 07, 2019

Looking for a full time threat intelligence analyst, cybercrime researcher, or a security blogger?

Approach me at dancho.danchev@hush.com
Copyright © 2011. Dancho Danchev's Blog - Mind Streams of Information Security Knowledge . All Rights Reserved