Exposing the Darkode Forum Bust and the Associated Individuals Behind It - Or How I Almost Got Kidnapped? - An OSINT Analysis

October 30, 2021

I've decided to share with everyone an in-depth analysis and assessment using public sources that basically exposes key members of the Darkode forum community who actually ordered a hitman for me for the price of $10,000 back in 2010 prior to my illegal arrest and kidnapping attempt.

In this post I'll provide actionable intelligence on their online whereabouts with the idea to assist U.S. Law Enforcement on its way to track down, monitor and prosecute the cybercriminals behind these campaigns.


Sample Darkode forum domains active at the time:

hxxp://darkode.com - briankrebson@gmail.com

hxxp://darkode.pro

hxxp://darkode.com

hxxp://darkode.me

hxxp://darkode.cc

hxxp://darkode.su - Email: ctouma2@gmail.com


Sample names of key members of the Darkode forum community:

Johan Anders Gudmunds

Morgan C Culbertson

Eric L Crocker

Naveed Ahmed

Phillip R Fleitz

Dewayne Watts

Murtaza Saifuddin

Daniel Placek

Matjaz Skorjanc

Florencio Carro Ruiz

Mentor Leniqi

Rory Stephen Guidry - k@exploit.im

Sample personally identifiable information on key members of the Darkode forum community:



Including the following C&C domains that were registered at the time:



Related C&C server domains that are known to have been registered at the time:

upasdomination.ru

exposedbotnets.ru

researchsecurity.biz

hfgfr56745fg.com - 80.82.66.204


Sample personal photos of key members of the Darkode forum community that were basically responsible for ordering a hitman to look for me for the price of $10,000 and actively communicated between each other during my disappearance and kidnapping attempt: 

 


Stay tuned!

About the author

Dancho Danchev is the world's leading expert in the field of cybercrime fighting and threat intelligence gathering, having actively pioneered his own methodology for processing threat intelligence leading to a successful set of hundreds of high-quality analysis and research articles published at the industry's leading threat intelligence blog - ZDNet's Zero Day, Dancho Danchev's Mind Streams of Information Security Knowledge and Webroot's Threat Blog, with his research featured in Techmeme, ZDNet, CNN, PCWorld, SCMagazine, TheRegister, NYTimes, CNET, ComputerWorld, H+Magazine, currently producing threat intelligence at the industry's leading threat intelligence blog - Dancho Danchev's - Mind Streams of Information Security Knowledge. With his research featured at RSA Europe, CyberCamp, InfoSec, GCHQ and Interpol, the researcher continues to actively produce threat intelligence at the industry's leading threat intelligence blog - Dancho Danchev's - Mind Streams of Information Security Knowledge, publishing a diverse set of hundreds of high-quality research analysis detailing the malicious and fraudulent activities at nation-state and malicious actors across the globe.
