Monday, May 31, 2021

Profiling a Currently Active Portfolio of High-Profile Cybercriminal Jabber and XMPP Accounts Including Email Address Accounts - Part Five

Dear blog readers,

I've decided to continue my "Profiling a Currently Active Portfolio of High-Profile Cybercriminal Jabber and XMPP Accounts Including Email Address Accounts - Part Four" blog post series and I've recently decided to issue yet another update in terms of currently active high-profile XMPP/Jabber including email address accounts used by high-profile cybercriminals which I've managed to obtain using Technical Collection.

Sample currently active high-profile XMPP/Jabber accounts used by cybercriminals include:

webprofile@xmpp.jp
accssell@xmpp.jp
littlemancatch@xmpp.ru
lucifer619@xmpp.jp
1nsider@xmpp.jp
sniffedpcs@xmpp.jp
hola1318@xmpp.jp
7269@xmpp.jp
n7269@xmpp.jp
mulamoose@xmpp.jp
nmulamoose@xmpp.jp
monetization2015@exploit.im
convertbiz@exploit.im
rolex@exploit.im
zaska@exploit.im
bp.imperialplc@gmail.com
jonnyd123@jabb.im
chandlertruong@jabb.im
dumpstv@exploit.im
procrd@exploit.im
proxy.sh0p@exploit.im
oneflone@jabb.im
nprocrd@exploit.im
noneflone@jabb.im
XardySSN@exploit.im
klausvygrn@creep.im
GoldCard@jabber.calyxinstitute.org
russianhackerclub@jabber.ru
Kroner@jabb3r.org
Soccorio@jabber.ru
asdfo2@jabber.ru
dreambud@jabbim.cz
bestcash@jabber.me
bilalkhanicompk@jabber.ru
spliff@jabbim.cz
jabberman2012@securejabber.me
ponik@securejabber.me
realbest@jabbim.cz
r00t@jabber.root.cz
Bian.lien@jabber.ru
rockydevil@jabb3r.org
hunyses@jabbim.com
Bian.lien@jabber.org
jonnyd123@jabb.im
beijabar@free.fr
chandlertruong@jabb.im
nbeijabar@free.fr
oneflone@jabb.im
noneflone@jabb.im
nGoldCard@jabber.calyxinstitute.org
Kerlim@jabb3r.de

Sample cybercrime ecosystem screenshots obtained using Technical Collection:















Stay tuned!

Exposing Protonmail and Tutanota's Illicit Abuse by Ransomware Gangs - A Compilation of Currently Active Ransomware-Themed Email Addresses - Part Two

Dear blog readers,

I've decided to continue the "Exposing Protonmail and Tutanota's Illicit Abuse by Ransomware Gangs - A Compilation of Currently Active Ransomware-Themed Email Addresses" blog post series and offer an in-depth tactical and actionable threat intelligence on some of the currently active Protonmail and Tutanota email accounts known to have been involved in currently active ransomware campaigns.

A list of currently active Protonmail email address accounts known to have been involved in currently active ransomare campaigns:

saturndayc@protonmail.com

mammon0503@protonmail.com

GoNNaCrypt@protonmail.com

helpteam38@protonmail.com

mstr.hack@protonmail.com

hccapx@protonmail.com

erica2020@protonmail.com

werichbin@protonmail.com

getscoin3@protonmail.com

bugbugo@protonmail.com

newhelper24@protonmail.ch

recoverydata52@protonmail.com

metasload2021@protonmail.com

encryptor2020@protonmail.com

rans0me@protonmail.com

fiasco911@protonmail.com

metron28@protonmail.com

Bit_decrypt@protonmail.com

databack2@protonmail.com

SafeGman@protonmail.com

decrypt25@protonmail.com

n0pr0blems@protonmail.com

decryptfilekhoda@protonmail.com

SmartDen@protonmail.com

getdataback22@protonmail.com

geniusid@protonmail.ch

cryptonationusa@protonmail.com

cynthia-it@protonmail.com

aihlp@protonmail.com

ambrosiaa@protonmail.com

gangflsbang@protonmail.ch

usernamus@protonmail.com

basilisque@protonmail.com

mailnitrom@protonmail.ch

araujosantos@protonmail.com

paymebtc@protonmail.com

logiteam@protonmail.com

recovery_server@protonmail.com

china_jm@protonmail.ch

FushenKingdee@protonmail.com

imperial755@protonmail.com

geneve010@protonmail.com

geneve020@protonmail.com

ngeneve010@protonmail.com

ngeneve020@protonmail.com

grupposupp@protonmail.ch

ripntfs@protonmail.com

unlockmeADMIN@protonmail.com

ArtemisDC@protonmail.ch

leakthemall@protonmail.com

nleakthemall@protonmail.com

middleman2020@protonmail.com

nmiddleman2020@protonmail.com

moloch_helpdesk@protonmail.ch

mr.dec@protonmail.com

ZiCoyote@protonmail.com

recover_24_7@protonmail.com

nrecover_24_7@protonmail.com

ransomD3m@protonmail.com

newhelper@protonmail.ch

zemblax@protonmail.com

2rest0re@protonmail.com

n2rest0re@protonmail.com

Cryptoware12@protonmail.com

RestoreFile@protonmail.com

nRestoreFile@protonmail.com

TimothyCrabtree@protonmail.com

filedownload2020@protonmail.com

helpcov19@protonmail.com

black8201@protonmail.com

kjingx@protonmail.ch

gibberishEdmundBass@protonmail.com

recoverydata54@protonmail.com

mewellwisher@protonmail.ch

CCD-help@protonmail.ch

rdpconnect@protonmail.com

ReftuOne@protonmail.com

hupstore@protonmail.com

bepabepababy1@protonmail.com

myphoto.jpg.bepabepababy1@protonmail.com

BlackMajor@protonmail.com

zetfile@protonmail.ch

admincrypt@protonmail.com

nrecovery_server@protonmail.com

use_harrd@protonmail.com

un42@protonmail.com

Servicedeskpay@protonmail.com

yoursalvations@protonmail.ch

y0000@protonmail.com

supportcrypt2019@protonmail.com

0xc030@protonmail.ch

backuping@protonmail.com

0x1service@protonmail.com

document.txt.bepabepababy1@protonmail.com

Blitzkriegpc@protonmail.com

CyberSCCP@protonmail.com

dogeremembersss@protonmail.ch

mykeyhelp@protonmail.com

Zagrec@protonmail.com

jackgreen13@protonmail.com

jacksparrow@protonmail.com

my-contact-email@protonmail.com

alanson_street8@protonmail.com

lambchristoffer@protonmail.com

moncoin@protonmail.com

Unlckr@protonmail.com

castor-troy-restore@protonmail.com

unlockransomware@protonmail.com

52pojie_mail@protonmail.com

support981723721@protonmail.com

solutionshelp@protonmail.com

gluttonBD@protonmail.com

sigrun_decryptor@protonmail.ch

reservedecryption@protonmail.com

recoverydbservice@protonmail.com

wecanhelp2@protonmail.com

yoursalvationsa@protonmail.ch

dalailama2015@protonmail.ch

decrypthelpfiles@protonmail.com

5btc@protonmail.com

Anony.killers@protonmail.com

provectus@protonmail.com

Look1213@protonmail.com

mrbin775@protonmail.com

AskHelp@protonmail.com

Restore@protonmail.ch

Santa_helper@protonmail.com

Recuperadados@protonmail.com

cryz1@protonmail.com

petersburgrecover@protonmail.com

Recoverhelp@protonmail.ch

painplain98@protonmail.com

hpjar@protonmail.ch

ballxball@protonmail.com

crioso@protonmail.com

angry_war@protonmail.ch

cheet0s_de@protonmail.com

Pringls_us@protonmail.com

backinfo@protonmail.com

agent.dmr@protonmail.com

getscoin2@protonmail.com

hlpp@protonmail.ch

lxhlp@protonmail.com

onepconebtc@protonmail.com

recoverysql@protonmail.com

anna.kurtz@protonmail.com

x_coded@protonmail.com

niggchiphoterl974@protonmail.com

teamvi@protonmail.com

teamvv@protonmail.com

mr.crypteur@protonmail.com

help.me24@protonmail.com

support_blackkingdom2@protonmail.com

backcompanyfiles@protonmail.com

bhatmaker@protonmail.com

polssh1@protonmail.com

polssh@protonmail.com

coincidenceleague@protonmail.com

Prometheus.help@protonmail.ch

nPrometheus.help@protonmail.ch

btpsupport@protonmail.com

GeorjeHalique@protonmail.com

cottleakela@protonmail.com

villiamsscorj_rembly@protonmail.com

flopored@protonmail.com

hjelp.main@protonmail.com

Savemyfiles@protonmail.com

Lucky_top@protonmail.com

rsupport@protonmail.ch

rsupp@protonmail.ch

se_harrd@protonmail.com

crab1917@protonmail.com

6699nm@protonmail.com

decryptxxx@protonmail.com

grafimatriux72224733@protonmail.com

Catsexy@protonmail.com

A list of currently active Tutanota email address accounts known to have been involved in currently active ransomare campaigns:

yasomoto@tutanota.com

seamoon@tutanota.com

xsmaxs@tutanota.com

mammon0503@tutanota.com

samsung00700@tutanota.com

RestorFile@tutanota.com

notgoodnews@tutanota.com

hlper4y@tutanota.com

moloch_helpdesk@tutanota.com

vassago_0203@tutanota.com

pvphlp@tutanota.com

adolfhackler@tutanota.com

decryfiles2021@tutanota.com

axitrun2@tutanota.com

barboza40@tutanota.com

nbarboza40@tutanota.com

mailnitrom@tutanota.com

ha7medtit@tutanota.com

dashagh@tutanota.com

Citrteam@tutanota.com

nCitrteam@tutanota.com

nekross@tutanota.com

nnekross@tutanota.com

Swordf1sh@tutanota.com

recover10@tutanota.com

tcprx@tutanota.com

middleman2020@tutanota.com

nmiddleman2020@tutanota.com

Hiden_pro@tutanota.com

mr.dec@tutanota.com

retrnyoufiles23@tutanota.com

nretrnyoufiles23@tutanota.com

pecunia0318@tutanota.com

clyde.barrow15@tutanota.com

nRestorFile@tutanota.com

HappyNewYear2021@tutanota.com

vassago0225@tutanota.com

iamwellwisher@tutanota.com

yourfiles1@tutanota.de

kamira99@tutanota.com

host2021@tutanota.com

legalrestore@tutanota.com

fishersam1188@tutanota.com

price.decoding@tutanota.com

Blacknord@tutanota.com

krasume@tutanota.com

yuzhou13@tutanota.com

patrik008@tutanota.com

Files2021@tutanota.com

adren.kutospov.97@tutanota.com

donutmmm@tutanota.com

bcpfile17@tutanota.com

bitrequest@tutanota.com

konxnobx@tutanota.com

triplock@tutanota.com

ths1337@tutanota.com

rsa1024@tutanota.com

rememberggg@tutanota.com

skynet45@tutanota.com

Starbax@tutanota.com

Xzet@tutanota.com

mr.hacker@tutanota.com

Patagonia92@tutanota.com

powerbase@tutanota.com

mirey@tutanota.com

sabantui@tutanota.com

qar48@tutanota.com

yyuzhou13@tutanota.com

nmode@tutanota.com

Sacura889@tutanota.com

savemyself1@tutanota.com

yongloun@tutanota.com

dozusopo@tutanota.com

tchukopchu@tutanota.com

dokulus@tutanota.com

pashmak@tutanota.com

blackmax@tutanota.com

lizscudata@tutanota.com

clifieb@tutanota.com

dryidik@tutanota.com

ammon0503@tutanota.com

judgemebackup@tutanota.com

yourfiles1@tutanota.com

ARASUF@tutanota.com

ykup@tutanota.com

bhatmaker@tutanota.com

buratino2@tutanota.com

ticketbit@tutanota.com

Stay tuned!

Saturday, May 29, 2021

Shots from the Wild West - Random Cybercrime Ecosystem Screenshots 2021 - An OSINT Analysis

An image is worth a thousand words. 





































Stay tuned!