Thursday, January 14, 2021

From "The Underground" With Love - A Compilation of Cybercrime Underground Chatter Referencing My Research

Dear blog readers,

I've decided to make a quick compilation of underground chatter that includes references to my research, courtesy of high-profile cybercriminals internationally, with the idea of raising awareness of their existence and provoking more researchers to dig even deeper on their way to track down and prosecute the cybercriminals behind these campaigns.

Recommended reading:

- Medium

- Twitter

- Speakerdeck

- Archive.org

If an image is worth a thousand words, consider going through the following images, courtesy of cybercriminals referencing my research:

Stay tuned!

Dancho Danchev's Keynote at CyberCamp 2016 - "Exposing Koobface - The World's Largest Botnet" - Recommended Watching!

Dear blog readers,

I wanted to take the time and effort to let everyone know that you can now watch my keynote presentation from CyberCamp 2016 on the topic of "Exposing Koobface - The World's Largest Botnet" and get a bigger picture of my research into the workings of the Koobface botnet, where I was once the primary source of information on the way it used to work and eventually contributed to its demise by publishing personally identifiable information on one of its botnet masters, potentially assisting U.S. law enforcement on its way to track down and prosecute the cybercriminals behind the campaign.

Stay tuned!

Dancho Danchev's Primary Contact Points - 2021

Dear blog readers,

Welcome to 2021. I've decided to share my primary contact points for 2021 in a separate post so that everyone can add me as a contact or send me an instant message or an email with possible inquiries about my research, including invite-only conference attendance, presentation proposals, and part-time or full-time independent-contractor work and agreements.

Here are my primary contact points for 2021:

Primary email: dancho.danchev@hush.com

Email for sensitive projects: ddanchev@cryptogroup.net

Skype: dancho_danchev_

Silent Circle: ddanchev

Signal: +359 87 68 93890

WhatsApp: +359 87 68 93890

Threema: KY622AU5

This includes the following social media accounts: Twitter, LinkedIn, Facebook and Medium.

You can also use the following public PGP key for my dancho.danchev@hush.com account in case you're interested in approaching me for a possible participation in a sensitive or classified project:

Stay tuned!

Wednesday, January 13, 2021

Dancho Danchev's Biography - The Inside Story Behind the Life of ex-Bulgarian Hacker Dancho Danchev - Recommended Reading!

Dear blog readers,

I've decided to take the time and effort to say a big thanks to everyone who's been following my research since December, 2005 and has been touching base to say "hi", to offer operational support, or to share their "know-how" and opinion about the research that I've been publishing on my personal blog.

I've recently posted a high-profile and recommended reading article at my Medium account which you can check out here. The article is basically a first-person account of my life and experience as an ex-Bulgarian hacker and today's world's leading expert in the field of cybercrime research and threat intelligence gathering, which you might be interested in reading and sharing with your social network, including friends and colleagues.

Stay tuned!

Tuesday, January 12, 2021

Dancho Danchev's Security Research Compilation at his Medium Account - Official E-Book Compilation

Dear blog readers,

I wanted to let everyone know that I've just made all of my Medium account articles available online for free in multiple offline E-book formats, which you can grab from here.

Topics covered include:
- Elaboration on U.S. and U.K. Intelligence Community Secret and Top Secret programs
- Technical Collection articles
- OSINT Analysis

Stay tuned!

Dancho Danchev's Offensive Cyber Warfare Articles for Unit-123 - Official E-Book Compilation

Dear blog readers,

I wanted to let everyone know that I've just released an official E-book compilation, currently available online for free, of all the articles that I've been publishing at my personal online E-shop for intelligence deliverables called Unit-123.org, which you can grab from here.

Topics include:
- Geopolitical issues in the context of cyber warfare
- Cyber Warfare doctrine principles
- Offensive Cyber Warfare articles and basic principles covered

Stay tuned!

Wednesday, January 06, 2021

Exposing the Pay Per Install Underground Business Model – Historical OSINT - An Analysis - 2008

Who were some of the primary scareware and adware distributors circa 2008? Which were the most profitable pay-per-install and drive-by-download affiliate networks, running revenue-sharing schemes to push malicious and fraudulent scareware and adware, circa 2008? Who was providing them with the infrastructure they needed to stay online and earn fraudulent profit in the process of pushing fake security software, also known as scareware, as well as adware, to hundreds of thousands of unsuspecting users online? Keep reading.

In this exclusive analysis I'll provide actionable intelligence on some of the major rogue and fraudulent pay-per-install and drive-by-download affiliate networks pushing scareware and adware circa 2008, and discuss in depth the tactics, techniques and procedures of the cybercriminals behind these affiliate networks, including actionable intelligence on the infrastructure behind these campaigns.

Sample Key Pay-Per-Install and Drive-by-Download Affiliate-Networks that I'll expose in this analysis circa 2008 include:
  • LuxeCash
  • LoudMo
  • Adware Dollars
  • GoldenCashWorld
  • CodecMoney
  • Earnings4you
  • EXE Revenue
  • Go-Go-Cash
  • InstallConverter
  • InstallerCash
  • Junior VIP
  • Oxocash
  • Snap Installs
  • Spicy Codec
  • The Installs
  • Traf Cash
  • Vomba Cash
  • Wave Revenue
  • Ya Bucks
  • Yazzle
  • Zango Cash
  • 3XL Parnership
  • Cash Boom
  • Cash Codec
  • Cash Wrestler
  • Buckware
  • Bakasoftware
  • Cash Panic
  • Dogma Software
  • K2Cash
  • Traffic Converter
  • VipSoft Cash
  • Dailybucks
  • EU Pays
  • Golden Cash
  • Profit Cash
  • Ruler Cash
  • Sex Profit
  • VIP Convert
  • Stimul Cash

Sample screenshots of some of the key pay-per-install affiliate programs circa 2008:

Sample Screenshot of Adware Dollars:

Sample Screenshot of Bakasoftware:

Sample Screenshot of Bakasoftware's Admin Interface:

Sample rogue and fraudulent domains known to have been involved in Bakasoftware-related campaigns:

Also included are the following photos, obtained from a private safari in which the top-performing participants in the rogue affiliate-network based programs took part:

Stay tuned!